The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-11T00:00:00

Updated: 2024-08-03T03:51:45.993Z

Reserved: 2022-01-24T00:00:00

Link: CVE-2022-23853

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-02-11T18:15:11.850

Modified: 2024-11-21T06:49:21.820

Link: CVE-2022-23853

cve-icon Redhat

No data.