Livebook is a web application for writing interactive and collaborative code notebooks. On Windows, it is possible to open a `livebook://` link from a browser which opens Livebook Desktop and triggers arbitrary code execution on victim's machine. Any user using Livebook Desktop on Windows is potentially vulnerable to arbitrary code execution when they expect Livebook to be opened from browser. This vulnerability has been fixed in version 0.8.2 and 0.9.3.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-22T13:34:38.492Z
Updated: 2024-12-06T15:14:24.752Z
Reserved: 2023-06-14T14:17:52.180Z
Link: CVE-2023-35174
Vulnrichment
Updated: 2024-08-02T16:23:59.573Z
NVD
Status : Modified
Published: 2023-06-22T14:15:09.517
Modified: 2024-11-21T08:08:05.560
Link: CVE-2023-35174
Redhat
No data.