CVE-2024-49400

Oct. 18, 2024, 12:52 p.m.

Product(s) Impacted

Tacquito

  • before commit 07b49d1358e6ec0b5aa482fcd284f509191119e2

Description

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

Weaknesses

Date

Published: Oct. 17, 2024, 6:15 p.m.

Last Modified: Oct. 18, 2024, 12:52 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve-assign@fb.com

References