3 matches found
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168
CVE-2023-40168 affects TurboWarp Desktop (versions before 1.8.0). A malicious project or custom extension could read arbitrary files from disk and upload them to a remote server. The vulnerability requires user interaction (opening an sb3 file or loading an extension); the web version is not affe...