Lucene search
K

CVE-2024-48463

🗓️ 04 Nov 2024 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov👁 63 Views🌐 WEB

Bruno before 1.29.1 Electron shell.openExternal vulnerabilit

Related
Detection
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Bruno IDE Desktop Command Injection Vulnerability
16 Jan 202500:00
zdt
Circl
CVE-2024-48463
4 Nov 202422:48
circl
CNNVD
Bruno 安全漏洞
4 Nov 202400:00
cnnvd
Cvelist
CVE-2024-48463
4 Nov 202400:00
cvelist
NVD
CVE-2024-48463
4 Nov 202421:15
nvd
Packet Storm
Bruno IDE Desktop Command Injection
16 Jan 202500:00
packetstorm
Positive Technologies
PT-2024-33122 · Electron +1 · Electron +1
4 Nov 202400:00
ptsecurity
RedhatCVE
CVE-2024-48463
23 May 202506:22
redhatcve
Vulnrichment
CVE-2024-48463
4 Nov 202400:00
vulnrichment
NVD
Vulnrichment
Node
usebrunobrunoRange<1.29.1
ParameterPositionPathDescriptionCWE
pwn.jarnestedlocalhost/pwn.jarCommand injection via crafted URL in markdown docs leading to RCE when external URL is opened by shell.openExternal.CWE-601
smb://localhost/public/x.desktopnestedsmb://localhost/public/x.desktopSMB link used as crafted URL to trigger command execution via external URL opening.CWE-601
sftp://user@localhost/home/user/s.desktopnestedsftp://user@localhost/home/user/s.desktopSFTP URL used as crafted input to invoke external URL handling leading to command execution.CWE-601
/etc/passwdnested/etc/passwdMarkdown payload referencing a local file URL to trigger external handling.CWE-601
localhost/pwn.jarnestedlocalhost/pwn.jarDirect PoC URL to trigger command execution via external URL handling.CWE-601
C:/Windows/system32/calc.exenestedC:/Windows/system32/calc.exeWindows path payload that could be opened to execute a binary via external handler.CWE-601
http://localhost/pwn.jarnestedhttp://localhost/pwn.jarHTTP URL PoC to trigger command execution.CWE-601
C:/Users/user/Downloads/pwn.jarnestedC:/Users/user/Downloads/pwn.jarWindows path PoC triggering external URL handling for command execution.CWE-601
smb://10.211.55.6/public/hello.scptdnestedsmb://10.211.55.6/public/hello.scptdSMB URL payload to trigger external URL handling and potential code execution.CWE-601
/Volumes/hello.scptd/Contents/Resources/Scripts/main.scptnested/Volumes/hello.scptd/Contents/Resources/Scripts/main.scptMounted volume script path used as crafted URL to trigger code execution.CWE-601
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 07:58Current
6.7Medium risk
Vulners AI Score6.7
CVSS 3.16.5
EPSS0.00623
SSVC
63