Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Tabby has a TCC Bypass via Misconfigured Node Fuses
Vulnerability Description
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217.
CVSS Information
N/A
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
Tabby 代码注入漏洞
Vulnerability Description
Tabby(Terminus)是Eugene个人开发者的一个适用于 Windows 10、macOS 和 Linux 的高度可配置的终端仿真器、SSH 和串行客户端。 Tabby 1.0.217之前版本存在代码注入漏洞,该漏洞源于其启用了多个高风险的Electron Fuses,从而产生潜在的代码注入向量。
CVSS Information
N/A
Vulnerability Type
N/A