CVE-2019-102000429.07.2019, 15:15Tridactyl before 1.16.0 allows fake key events.OS Command InjectionEnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST7.5 HIGHNETWORKLOWNONECVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NdwfCNA------CVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 47%VendorProductVersiontridactyl_projecttridactyl𝑥≤ 1.14.10tridactyl_projecttridactyl1.15.0𝑥= Vulnerable software versionsCommon Weakness EnumerationCWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')The software constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Referenceshttps://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8fhttps://github.com/tridactyl/tridactyl/security/advisories/GHSA-7qr7-93pf-hr8f