Shopify Tophat vulnerabilities
2 known vulnerabilities affecting shopify/tophat.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2026-39862 [HIGH] CWE-78, P2, CVSS 8.8, fixed in 2.5.1, 2026-04-08
Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute arbitrary commands on a developer's macOS workstation. Any
nvd
CVE-2024-45036 [MEDIUM] CWE-287, P4, CVSS 4.3, fixed in 1.10.0, 2024-08-26
Tophat is a mobile applications testing harness. An Improper Access Control vulnerability can expose the `TOPHAT_APP_TOKEN` token stored in `~/.tophatrc` through use of a malicious Tophat URL controlled by the attacker. The vulnerability allows Tophat to send this token to the attacker's server without any checks to ensure that the server is trusted
nvd