VYPR

Tophat

by Shopify

Source repositories

CVEs (2)

  • CVE-2026-39862 | High | Apr 8, 2026
    risk 0.50 | cvss 8.8 | epss 0.01

    Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an…

  • CVE-2024-45036 | Medium | Aug 26, 2024
    risk 0.21 | cvss 4.3 | epss 0.00

    Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the…