CVE-2023-43799

Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
altairgraphqlaltair
𝑥
< 5.2.5
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
altairgraphqlaltair
𝑥
< 5.2.5
ADP
Common Weakness Enumeration
References
https://github.com/altair-graphql/altair/releases/tag/v5.2.5
https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm
https://github.com/altair-graphql/altair/releases/tag/v5.2.5
https://github.com/altair-graphql/altair/security/advisories/GHSA-9m5v-vrf6-fmvm