3 matches found
CVE-2026-39862 Tophat has a Command Injection Vulnerability When Accessing a Maliciously Crafted Tophat Link
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute...
Tophat 操作系统命令注入漏洞
Tophat is a test tool open sourced by Shopify. Versions of Tophat prior to 2.5.1 contained an operating system command injection vulnerability. This vulnerability stemmed from uncleaned parameters, which could lead to remote code execution...
CVE-2024-45036
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the TOPHATAPPTOKEN token stored in /.tophatrc through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without...