CVE-2023-40299

HIGH EPSS 27.1%

Published Oct 4, 20232y ago · Modified Jun 17, 20261w ago

7.8 CVSS 3.1

High

Published Oct 4, 2023 2y ago

Last Modified Jun 17, 2026 1w ago

Description

Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.

CVSS Details

Base Score

7.8

Exploitability

1.8

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

27.1% percentile

Exploit & Patch Status

Public Exploit Known

Patch Available

Weaknesses 1

CWE-114

Affected Products 2

Vendor	Product	Version	Range
konghq	insomnia	2023.4.0	any
apple	macos	*	any

References 4

github.com https://github.com/Kong/insomnia/pull/6217/commits

Patch
github.com https://github.com/Kong/insomnia/releases

Release Notes
insomnia.rest https://insomnia.rest/changelog

Release Notes
angelystor.com https://www.angelystor.com/posts/cve-2023-40299/

ExploitThird Party Advisory

Remediation

github.com https://github.com/Kong/insomnia/pull/6217/commits

Patch