Regex Matches on Authorized Commands and Arguments Not Properly Enforced
CVE-2024-49400

Currently unrated

Key Information:

Vendor: Meta
Status: Tacquito
Vendor: CVE Published:; 17 October 2024

What is CVE-2024-49400?

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string, but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

Affected Version(s)

Tacquito 0 < 07b49d1358e6ec0b5aa482fcd284f509191119e2

References

https://www.facebook.com/security/advisories/cve-2024-49400

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 15, 2024

Meta

What is CVE-2024-49400?

Affected Version(s)

References

Timeline