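xdg-desktop-portal-hyprland (an XDG Desktop Portal backend for Hyprland) before 1.3.3 allows OS command execution, e.g., because the list of app IDs and titles sent via the environment is not enclosed in single quotes, so shell metacharacters in those values are presumably not treated as literal text. Every signature entry below cites the same upstream commit as its source and names a target file in that project (plus a function, for entries of type "Function").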
[
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-0d0da702",
"signature_type": "Function",
"digest": {
"function_hash": "339824184505221654862837895756808425377",
"length": 295.0
},
"deprecated": false,
"target": {
"file": "src/shared/ScreencopyShared.cpp",
"function": "sanitizeNameForWindowList"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-615c8cbb",
"signature_type": "Function",
"digest": {
"function_hash": "226988745604055160673845921031300067154",
"length": 1141.0
},
"deprecated": false,
"target": {
"file": "src/portals/Screenshot.cpp",
"function": "CScreenshotPortal::onScreenshot"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-6ac23960",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"263353676725836984454338072864965789616",
"267385591937378893114695760875548620478",
"162445810971826390043729114434286489498",
"159529140581881390253434995123153536832",
"22419902531322941293705666853242338747",
"260115692627439796104343584620224222531",
"4308625417775660837253756440118071176",
"38343150690842652122549721831897302629",
"156430145538550124046286059626466844354"
]
},
"deprecated": false,
"target": {
"file": "src/shared/ScreencopyShared.cpp"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-6e2ca064",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"22236800427479599331756703542064575390",
"153693121718848738332313764025811101925",
"300172920906603010037492998758735839327",
"336024901254686825919957240940457792278"
]
},
"deprecated": false,
"target": {
"file": "src/portals/Screencopy.cpp"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-c45daa2e",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"236544608746723644571968326095784264585",
"72665977629219456687345857466537189155",
"242969042309093449442284878386152926046",
"57223873975587882599277000252735014100",
"296199707000582846300893121350927773266"
]
},
"deprecated": false,
"target": {
"file": "src/shared/ScreencopyShared.hpp"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-e6514538",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"101103267360459191430588124871542855495",
"190281958750636965079634839616893945663",
"274678928264551362284413814191892410366",
"3449922670485100075204978239567409239",
"248178104946905635616142211136115950646",
"110657868155716707247872920496092106763",
"75617608514168065846690318934222645158",
"136704257797979985496903033377381172105",
"136728006112097361984273699499486809153"
]
},
"deprecated": false,
"target": {
"file": "src/helpers/Log.hpp"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-e88c15fa",
"signature_type": "Function",
"digest": {
"function_hash": "53969150223300511150468630837663550661",
"length": 2401.0
},
"deprecated": false,
"target": {
"file": "src/shared/ScreencopyShared.cpp",
"function": "promptForScreencopySelection"
}
},
{
"source": "https://github.com/hyprwm/xdg-desktop-portal-hyprland/commit/0bb709491baffd69f4f861802f00cf60c77cc2cd",
"signature_version": "v1",
"id": "CVE-2024-42029-f86b413a",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"38282054404288652055878473809753785275",
"335050272739078331988220467684294530723",
"209193135884993318914254567970286257673",
"230060244792769958480231059943350723572",
"19142846056624570894709099800986078332",
"63916027592623899689708360647275086211",
"306819543869685256433155915862682751670",
"325607819160316271825753244741670355739",
"324787880936985428514095896572894831530",
"276029557463020489394897244836861132496",
"304978318538451508759437018186902311894",
"263963613143031026094373369523069587359",
"225934950136995995273726719329961993895",
"324090524719508611010354660463528396766",
"94797437216311493141661686009749205172",
"148731127540347652901856742039849290201",
"10950153470404941461684985116022230876",
"10602845271067801644232351782510893485",
"24322258622387066722367968282215476523",
"81759145937571033914036077902484902962",
"88217685472019319954756158843038962145",
"207526173658531031556546653665461400706",
"277689663708399266848029713645882304574",
"126620767343770445970461985287548832069",
"63255683396406838921355557431676312090",
"47913797360004250095460945866744802688",
"6465928612338906098569569799284656680"
]
},
"deprecated": false,
"target": {
"file": "src/portals/Screenshot.cpp"
}
}
]