The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-02-11T00:00:00
Updated: 2024-08-03T03:51:45.993Z
Reserved: 2022-01-24T00:00:00
Link: CVE-2022-23853
Vulnrichment
No data.
NVD
Status : Modified
Published: 2022-02-11T18:15:11.850
Modified: 2024-11-21T06:49:21.820
Link: CVE-2022-23853
Redhat
No data.