CVE-2022-23853
The CVE affects KDE Kate before 21.12.2 and KTextEditor before 5.91.0, where the LSP plugin may execute an LSP server binary when opening a file. If the binary is not on PATH, the code may fall back to the binary in the file’s directory due to a misused QProcess API, enabling an untrusted directo...