DIE-engine icon indicating copy to clipboard operation
DIE-engine copied to clipboard

Published 20 hours ago verified publisher icon horsicq

CVE-2023-51714 Vulnerability

Open claudiudc opened this issue 1 year ago • 9 comments

Hello,

I would like to raise a concern related to CVE-2023-51714 vulnerability. In our enterprise environment security scanners detected that latest release is impacted by CVE-2023-51714 vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-51714 Could you please help updating to a newer qt library to address this issue?

Also one more idea, will it be possible for the feature maybe to have a console version that is not using qt at all? From experience we see very frequently qt affected by different security vulnerabilities and in enterprise environments addressing security vulnerabilities is a critical process.

Kind Regards, Claudiu

claudiudc avatar Mar 01 '24 08:03 claudiudc

Hello! Thanks a lot for the bugreport! It will be fixed!.

horsicq avatar Mar 01 '24 08:03 horsicq

it does not happen in Qt6

DevX-Cipher avatar Mar 01 '24 09:03 DevX-Cipher

it does not happen in Qt6

It is "6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2"

claudiudc avatar Mar 01 '24 10:03 claudiudc

ok i must have read it wrong

DevX-Cipher avatar Mar 01 '24 11:03 DevX-Cipher