10 matches found
CVE-2023-40168
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
EUVD-2023-44774
Malicious code in bioql PyPI...
CVE-2023-40168
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
Design/Logic Flaw
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168 Malicious projects can read and upload arbitrary files from disk in TurboWarp Desktop
TurboWarp is a desktop application that compiles scratch projects to JavaScript. TurboWarp Desktop versions prior to version 1.8.0 allowed a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server. The only required user interaction is opening th...
CVE-2023-40168
CVE-2023-40168 affects TurboWarp Desktop (versions before 1.8.0). A malicious project or custom extension could read arbitrary files from disk and upload them to a remote server. The vulnerability requires user interaction (opening an sb3 file or loading an extension); the web version is not affe...
PT-2023-27301 · Unknown · Turbowarp Desktop
Name of the Vulnerable Software and Affected Versions: TurboWarp Desktop versions prior to 1.8.0 Description: TurboWarp is a desktop application that compiles scratch projects to JavaScript. The issue allows a malicious project or custom extension to read arbitrary files from disk and upload them...
TurboWarp 安全漏洞
TurboWarp is a TurboWarp open source application. A security vulnerability exists in versions prior to TurboWarp 1.8.0 that stems from allowing a malicious project or custom extension to read arbitrary files from disk and upload them to a remote server...