漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Tabby has a TCC Bypass via Misconfigured Node Fuses
Vulnerability Description
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Tabby 代码注入漏洞
Vulnerability Description
Tabby(Terminus)是Eugene个人开发者的一个适用于 Windows 10、macOS 和 Linux 的高度可配置的终端仿真器、SSH 和串行客户端。 Tabby 1.0.217之前版本存在代码注入漏洞,该漏洞源于其启用了多个高风险的Electron Fuses,从而产生潜在的代码注入向量。
CVSS Information
N/A
Vulnerability Type
N/A