Vulnerabilities > Clash Project

DATE	CVE	VULNERABILITY TITLE	RISK
2023-02-23	CVE-2023-24205	Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12 Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). network low complexity clash-project CWE-732 critical	9.8
2022-09-29	CVE-2022-40126	Files or Directories Accessible to External Parties vulnerability in Clash Project Clash 0.19.9 A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated. local low complexity clash-project CWE-552	7.8
2022-03-28	CVE-2022-26255	Cross-site Scripting vulnerability in Clash Project Clash 0.19.8 Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. network low complexity clash-project CWE-79 critical	9.8
2022-03-21	CVE-2020-24772	Origin Validation Error vulnerability in Clash Project Clash 0.11.4 In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. network clash-project CWE-346	6.8

Vulnerabilities > Clash Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Clash Project"}]}