Homepage
About Snyk

Exposed Dangerous Method or Function Affecting guake package, versions [,3.8.5)

0.0
medium

Snyk CVSS

    Attack Complexity High
    Confidentiality High

    Threat Intelligence

    Exploit Maturity Proof of concept
    EPSS 0.23% (61st percentile)
Expand this section
NVD
8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PYTHON-GUAKE-2386334
  • published 7 Feb 2022
  • disclosed 27 Jan 2022
  • credit junorouse
Report a new vulnerability Found a mistake?

Introduced: 27 Jan 2022

CVE-2021-23556 Open this link in a new tab
CWE-749 Open this link in a new tab
First added by Snyk

How to fix?

Upgrade guake to version 3.8.5 or higher.

Overview

guake is a Guake Terminal

Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method.

Note: Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.