Exposed Dangerous Method or Function Affecting guake package, versions [,3.8.5)
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.23% (61st
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PYTHON-GUAKE-2386334
- published 7 Feb 2022
- disclosed 27 Jan 2022
- credit junorouse
Introduced: 27 Jan 2022
CVE-2021-23556 Open this link in a new tabHow to fix?
Upgrade guake
to version 3.8.5 or higher.
Overview
guake is a Guake Terminal
Affected versions of this package are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command
and execute_command_by_uuid
methods via the d-bus
interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method.
Note: Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.