Untrusted dbpath execution vulnerability in GNU Global through 6.6.12
CVE-2024-38448

Currently unrated

Key Information:

Vendor: GNU
Vendor: CVE Published:; 16 June 2024

Summary

htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.

References

https://lists.gnu.org/archive/html/bug-global/2024-05/msg...

https://cvs.savannah.gnu.org/viewvc/global/global/htags/h...

Timeline

Vulnerability published
Jun 16, 2024
Vulnerability Reserved
Jun 16, 2024

.