CVE-2024-49400 Information

Description

Tacquito prior to commit 07b49d1358e6ec0b5aa482fcd284f509191119e2 was not properly performing regex matches on authorized commands and arguments. Configured allowed commands/arguments were intended to require a match on the entire string but instead only enforced a match on a sub-string. That would have potentially allowed unauthorized commands to be executed.

Reference

https://www.facebook.com/security/advisories/cve-2024-49400