CVE-2022-41945

Description

super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

4ra1n / super-xray< 0.2-beta – < 0.2-beta

References

VENDOR_ADVISORYhttps://github.com/4ra1n/super-xray/security/advisories/GHSA-732j-763p-cvqg
PATCHhttps://github.com/4ra1n/super-xray/releases/tag/0.2-beta