CVE-2022-27818: Insecure temporary file usage in SWHKD

April 8, 2022 (updated April 19, 2022)

SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service.

References

github.com/advisories/GHSA-r3r5-jhw6-4634
github.com/waycrate/swhkd
github.com/waycrate/swhkd/commit/f70b99dd575fab79d8a942111a6980431f006818
github.com/waycrate/swhkd/releases/tag/1.2.0
nvd.nist.gov/vuln/detail/CVE-2022-27818

Code Behaviors & Features

Detect and mitigate CVE-2022-27818 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →