GHSA-j42f-wc6v-5xpq: Duplicate Advisory: Permissive Regular Expression in tacquito

October 17, 2024 (updated November 1, 2024)

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

References

github.com/advisories/GHSA-j42f-wc6v-5xpq
nvd.nist.gov/vuln/detail/CVE-2024-49400
www.facebook.com/security/advisories/cve-2024-49400

Code Behaviors & Features

Detect and mitigate GHSA-j42f-wc6v-5xpq with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →