I don't get it how is that a issue? I searched for lite_project files got zero results and the system.exec thing seems to be a issue of downloading random extension at which point again you fucked yourself there are a million better ways to own you than hoping the user is running lite-xl.
Who would even use such a workaround?

>>107803343
>bro just use an executable file as your settings! It's so elegant and simple!
It's amazing what retards will do to avoid having to manually parse a file

>>107803404
> and the system.exec thing seems to be a issue of downloading random extension
lite-xl is unusable without extensions
it doesn't come with a settings gui, lsp or git support

>>107803343
rider

>>107803343
>if you download code off the internet
>and run it
>it runs
How the fuck is this a vulnerability? Security "engineers" need to be culled.

>>107803461
You realize the same is true for mpv right? These programs are actually meant for people that use their computer as tool, to get shit done. Not to configure limited settings in their goyslop programs.

If I want to remove a disk every time ebony cheeks clap together that is my right

>>107803343
Crazy how you can just state the obvious and get a CVE. Cybersecurity industry is a joke.

>>107803343
Wait until they realize that running CMake on a project can lead to arbitrary code execution...

vscode prompts you when opening a folder if you trust the developers probably for this exact reason? I presume you could make malicious vscode projects or dotfiles as well

>>107803343
>arbitrary code execution
Yeah it's really fucking arbitrary if you don't understand what you're seeing. I can also give you a curl command that runs "arbitrary" code execution

bros I found arbitary code execution in rust

curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

File: a.png (140 KB, 1547x938)

140 KB PNG

>>107803343
Why the fuck are you posting actual 3rd worlder CVEs?
Going "hahaha look at this dumbass" loses all it's meaning when it's some jeet