Unrated severityNVD Advisory· Published Oct 4, 2023· Updated Sep 20, 2024

The Altair Desktop Client Does Not Sanitize External URLs before passing them to the underlying system

CVE-2023-43799

Description

Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.

Affected products

Apollographql/Altairv5
Range: < 5.2.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/altair-graphql/altair/releases/tag/v5.2.5mitrex_refsource_MISC
github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvmmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000