CVE-2021-32692

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32692
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32692.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-32692
Related
  • GHSA-3x6w-q32m-jqf3
Published
2022-12-23T03:15:07Z
Modified
2025-02-14T11:25:49.585532Z
Severity
  • 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

ActivityWatch is a free and open-source automated time tracker. Versions prior to 0.11.0 allow an attacker to execute arbitrary commands on any macOS machine with ActivityWatch running. The attacker can exploit this vulnerability by having the user visit a website with the page title set to a malicious string. An attacker could use another application to accomplish the same, but the web browser is the most likely attack vector. This issue is patched in version 0.11.0. As a workaround, users can run the latest version of aw-watcher-window from source, or manually patch the printAppTitle.scpt file.

References

Affected packages

Git / github.com/activitywatch/activitywatch

Affected ranges

Type
GIT
Repo
https://github.com/activitywatch/activitywatch
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1
v0.1.1
v0.10.0
v0.11.0b1
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.4.0a1
v0.4.0a2
v0.4.0a3
v0.4.0a4
v0.4.0a5
v0.5.0
v0.5.1
v0.6.0-a1
v0.6.0-a2
v0.6.0-a3
v0.6.0a10
v0.6.0a11
v0.6.0a12
v0.6.0a13
v0.6.0a4
v0.6.0a5
v0.6.0a6
v0.6.0a7
v0.6.0a8
v0.6.0a9
v0.7.0a1
v0.7.0a2
v0.7.0a3
v0.7.0a4
v0.7.0a5
v0.7.0a6
v0.7.0a7
v0.7.0b1
v0.7.0b2
v0.7.0b3
v0.7.0b4
v0.7.1
v0.8.0b1
v0.8.0b2
v0.8.0b3
v0.8.0b4
v0.8.0b5
v0.8.0b6
v0.8.0b7
v0.8.0b8
v0.8.0b9
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.9.0
v0.9.1
v0.9.2