CVE-2024-49400 | THREATINT

Description

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

PUBLISHED Reserved 2024-10-15 | Published 2024-10-17 | Updated 2024-11-01 | Assigner facebook

Problem types

Permissive Regular Expression (CWE-625)

Product status

Default status

unaffected

Any version before 07b49d1358e6ec0b5aa482fcd284f509191119e2

affected

References

www.facebook.com/security/advisories/cve-2024-49400

cve.org (CVE-2024-49400)

nvd.nist.gov (CVE-2024-49400)

Download JSON