CVE-2024-55950

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-55950
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-55950.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-55950
Related
  • GHSA-jx33-9jc7-24gc
Published
2024-12-26T22:15:17Z
Modified
2025-01-15T05:16:52.631019Z
Summary
[none]
Details

Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, the Tabby terminal emulator ships with overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application holds powerful permissions, including camera and microphone access and the ability to reach personal folders (Downloads, Documents, etc.) through Apple Events, while also carrying dangerous entitlements that enable code injection. The entitlements of concern are com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation. Since Tabby's plugins and themes are Node.js-based, with no native libraries or frameworks, and no environment variables are used in the codebase, it is recommended to review and remove at least one of these entitlements (com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables) to prevent DYLD_INSERT_LIBRARIES injection while keeping full application functionality. This vulnerability is fixed in 1.0.216.
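The weakness described above is a hardened-runtime configuration issue rather than a code bug, so the practical defender check is an audit of the app's entitlements plist. The following Python script is an added example, not code from the Tabby project or the advisory: it parses an entitlements plist, flags the two injection-enabling entitlements named on this page (and, as an assumption, the usual camera, microphone and Apple Events entitlement keys, which the page describes but does not name), and produces a remediated plist that drops one of the pair, mirroring the fix recommended above. The sample plist embedded below is constructed for illustration and is not Tabby's real entitlements file.

```python
import plistlib

# Hardened-runtime entitlements named in the advisory: holding BOTH lets a
# local process inject a dylib via DYLD_INSERT_LIBRARIES.
CODE_INJECTION_ENTITLEMENTS = {
    "com.apple.security.cs.allow-dyld-environment-variables",
    "com.apple.security.cs.disable-library-validation",
}

# Assumed keys for the "camera, microphone, Apple Events" permissions the
# advisory mentions; these are standard Apple entitlement keys, not taken
# from the page itself.
PRIVACY_ENTITLEMENTS = {
    "com.apple.security.device.camera",
    "com.apple.security.device.audio-input",
    "com.apple.security.automation.apple-events",
}

# Constructed sample plist resembling the pre-1.0.216 state described above.
# This is NOT the project's actual entitlements file.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.allow-dyld-environment-variables</key><true/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.security.cs.allow-jit</key><true/>
    <key>com.apple.security.device.camera</key><true/>
    <key>com.apple.security.automation.apple-events</key><true/>
</dict>
</plist>
"""


def load_entitlements(data: bytes) -> dict:
    """Parse an XML (or binary) entitlements plist into a dict."""
    return plistlib.loads(data)


def audit(entitlements: dict) -> dict:
    """Report which risky entitlements are granted (value is boolean true)."""
    granted = {key for key, value in entitlements.items() if value is True}
    return {
        # Injection only works when both entitlements are present together.
        "injection_pair_present": CODE_INJECTION_ENTITLEMENTS <= granted,
        "injection_entitlements": sorted(granted & CODE_INJECTION_ENTITLEMENTS),
        "privacy_entitlements": sorted(granted & PRIVACY_ENTITLEMENTS),
    }


def remediate(entitlements: dict, drop: set) -> dict:
    """Return a copy of the entitlements with the given keys removed."""
    return {key: value for key, value in entitlements.items() if key not in drop}


def dump_entitlements(entitlements: dict) -> bytes:
    """Serialise back to an XML plist suitable for re-signing."""
    return plistlib.dumps(entitlements, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    before = load_entitlements(SAMPLE_ENTITLEMENTS)
    print("before:", audit(before))
    # The advisory recommends removing at least one of the pair; dropping
    # disable-library-validation keeps library validation enforced.
    after = remediate(before, {"com.apple.security.cs.disable-library-validation"})
    print("after: ", audit(after))
    print(dump_entitlements(after).decode())
```

To audit a signed bundle rather than a constructed sample, feed the script the output of `codesign -d --entitlements - --xml /path/to/App.app`, which prints the embedded entitlements as an XML plist on recent macOS. Note that `audit` treats the injection risk as present only when both entitlements are granted, which is exactly why removing either one is sufficient.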

References

Affected packages

Git / github.com/eugeny/tabby

Affected ranges

Type
GIT
Repo
https://github.com/eugeny/tabby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.0.1

v1.*

v1.0.0-alpha.1
v1.0.0-alpha.10
v1.0.0-alpha.11
v1.0.0-alpha.12
v1.0.0-alpha.13
v1.0.0-alpha.14
v1.0.0-alpha.15
v1.0.0-alpha.16
v1.0.0-alpha.17
v1.0.0-alpha.18
v1.0.0-alpha.19
v1.0.0-alpha.2
v1.0.0-alpha.20
v1.0.0-alpha.21
v1.0.0-alpha.22
v1.0.0-alpha.23
v1.0.0-alpha.24
v1.0.0-alpha.25
v1.0.0-alpha.26
v1.0.0-alpha.27
v1.0.0-alpha.28
v1.0.0-alpha.29
v1.0.0-alpha.3
v1.0.0-alpha.30
v1.0.0-alpha.31
v1.0.0-alpha.32
v1.0.0-alpha.32.2
v1.0.0-alpha.33
v1.0.0-alpha.34
v1.0.0-alpha.35
v1.0.0-alpha.36
v1.0.0-alpha.37
v1.0.0-alpha.38
v1.0.0-alpha.39
v1.0.0-alpha.4
v1.0.0-alpha.40
v1.0.0-alpha.41
v1.0.0-alpha.42
v1.0.0-alpha.43
v1.0.0-alpha.44
v1.0.0-alpha.45
v1.0.0-alpha.46
v1.0.0-alpha.47
v1.0.0-alpha.48
v1.0.0-alpha.49
v1.0.0-alpha.5
v1.0.0-alpha.50
v1.0.0-alpha.51
v1.0.0-alpha.52
v1.0.0-alpha.53
v1.0.0-alpha.54
v1.0.0-alpha.55
v1.0.0-alpha.56
v1.0.0-alpha.57
v1.0.0-alpha.58
v1.0.0-alpha.59
v1.0.0-alpha.6
v1.0.0-alpha.60
v1.0.0-alpha.61
v1.0.0-alpha.62
v1.0.0-alpha.63
v1.0.0-alpha.64
v1.0.0-alpha.7
v1.0.0-alpha.8
v1.0.1
v1.0.100
v1.0.101
v1.0.102
v1.0.103
v1.0.104
v1.0.105
v1.0.106
v1.0.107
v1.0.108
v1.0.109
v1.0.110
v1.0.111
v1.0.112
v1.0.113
v1.0.114
v1.0.115
v1.0.116
v1.0.117
v1.0.118
v1.0.119
v1.0.120
v1.0.121
v1.0.122
v1.0.123
v1.0.124
v1.0.125
v1.0.126
v1.0.127
v1.0.128
v1.0.129
v1.0.130
v1.0.131
v1.0.132
v1.0.133
v1.0.134
v1.0.135
v1.0.136
v1.0.137
v1.0.138
v1.0.139
v1.0.140
v1.0.141
v1.0.142
v1.0.143
v1.0.144
v1.0.145
v1.0.146
v1.0.147
v1.0.148
v1.0.149
v1.0.150
v1.0.151
v1.0.152
v1.0.154
v1.0.155
v1.0.156
v1.0.157
v1.0.158
v1.0.159
v1.0.160
v1.0.161
v1.0.162
v1.0.163
v1.0.164
v1.0.165
v1.0.166
v1.0.167
v1.0.168
v1.0.169
v1.0.170
v1.0.171
v1.0.172
v1.0.173
v1.0.174
v1.0.175
v1.0.176
v1.0.177
v1.0.178
v1.0.179
v1.0.180
v1.0.181
v1.0.182
v1.0.183
v1.0.184
v1.0.186
v1.0.187
v1.0.188
v1.0.189
v1.0.190
v1.0.191
v1.0.192
v1.0.193
v1.0.194
v1.0.195
v1.0.196
v1.0.197
v1.0.198
v1.0.199
v1.0.200
v1.0.201
v1.0.202
v1.0.204
v1.0.205
v1.0.206
v1.0.207
v1.0.208
v1.0.209
v1.0.210
v1.0.211
v1.0.212
v1.0.213
v1.0.214
v1.0.215
v1.0.65
v1.0.66
v1.0.67
v1.0.68
v1.0.69
v1.0.70
v1.0.71
v1.0.72
v1.0.73
v1.0.74
v1.0.75
v1.0.76
v1.0.77
v1.0.78
v1.0.78-rc.1
v1.0.78-rc.2
v1.0.78-rc.3
v1.0.79
v1.0.80
v1.0.81
v1.0.82
v1.0.83
v1.0.84
v1.0.85
v1.0.86
v1.0.87
v1.0.88
v1.0.89
v1.0.90
v1.0.91
v1.0.92
v1.0.93
v1.0.94
v1.0.95
v1.0.96
v1.0.97
v1.0.98
v1.0.99