Critical severity9.1NVD Advisory· Published Jun 16, 2024· Updated Apr 15, 2026
CVE-2024-38448
CVE-2024-38448
Description
htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: <=6.6.12
- osv-coords5 versionspkg:rpm/opensuse/global&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/global&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/global&distro=openSUSE%20Tumbleweedpkg:rpm/suse/global&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/global&distro=SUSE%20Package%20Hub%2015%20SP6
< 6.6.9-bp156.3.3.1+ 4 more
- (no CPE)range: < 6.6.9-bp156.3.3.1
- (no CPE)range: < 6.6.9-bp156.3.3.1
- (no CPE)range: < 6.6.13-1.1
- (no CPE)range: < 6.6.9-bp156.3.3.1
- (no CPE)range: < 6.6.9-bp156.3.3.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.