CVE-2023-43091

CRITICAL

GNOME Maps - Code Injection

Title source: llm

Description

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service.json configuration file. If the configuration file is malicious, it may execute arbitrary code.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2239091

[Patch] https://gitlab.gnome.org/GNOME/gnome-maps/-/commit/d26cd774d524404ef7784e6808f551de83de4bea

[Exploit, Issue Tracking] https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/588

Scores

CVSS v3 9.8

EPSS 0.0029

EPSS Percentile 51.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-94 CWE-79

Status published

Affected Products (1)

gnome/gnome-maps < 43.7

Timeline

Published Nov 17, 2024

Tracked Since Feb 18, 2026