CVE-2024-25255

Sažetak

Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module. NOTE: multiple third parties report that this is intended behavior.

Reference

https://exploitart.ist/exploit/2023/09/17/sublime-text-os-command-injection.html
https://forum.sublimetext.com/t/cve-2024-25255-critical/74906/3
https://www.sublimetext.com/docs/build_systems.html#exec-target-options
https://www.sublimetext.com/docs/build_systems.html#shell_cmd.

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-12-2024 - 06:15

Objavljeno

11-11-2024 - 23:15