An issue in Weave Weave Desktop v.7.78.10 allows a local attacker to execute arbitrary code via a crafted script to the nwjs framework component.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HWeave Desktop
APPWeave7.78.10 – 7.84.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCE
CWE
Related vulnerabilities
CVE-2022-35975CRITICAL9.0ten sam vendor
The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. A specially crafted Flux obje...
CVE-2022-31098CRITICAL9.0ten sam vendor
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without...
CVE-2020-35464CRITICAL9.8ten sam vendor
Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deplo...
CVE-2023-34236HIGH8.5ten sam vendor
Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform re...
CVE-2022-23509HIGH7.3ten sam vendor
Weave GitOps is a simple open source developer platform for people who want cloud native applications, without...