{"id":"CVE-2023-40299","details":"Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.","modified":"2026-04-10T05:06:28.269741Z","published":"2023-10-04T22:15:09.830Z","references":[{"type":"ADVISORY","url":"https://github.com/Kong/insomnia/releases"},{"type":"ADVISORY","url":"https://insomnia.rest/changelog"},{"type":"FIX","url":"https://github.com/Kong/insomnia/pull/6217/commits"},{"type":"EVIDENCE","url":"https://www.angelystor.com/posts/cve-2023-40299/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kong/insomnia","events":[{"introduced":"0"},{"last_affected":"13ff56c07f5becdeae0beac94aa39c3fd79e5fe3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2023.4.0"}]}}],"versions":["core@2020.1.0-beta.3","core@2020.2.0","core@2020.2.1","core@2020.2.2","core@2020.4.0-beta.4","core@2021.1.0","core@2021.1.0-alpha.1","core@2021.1.0-alpha.2","core@2023.4.0","designer@2020.1.0","designer@2020.1.0-beta.3","designer@2020.1.1","designer@2020.1.2","designer@2020.1.3","designer@2020.1.4-test.1","designer@2020.2.0","designer@2020.2.2","designer@2020.3.0-alpha.3","designer@2020.3.0-alpha.4","designer@2020.4.0-beta.4","insomnia-app@1.0.13","insomnia-app@1.0.14","insomnia-app@1.0.15","insomnia-app@1.0.16","insomnia-app@1.0.18","insomnia-app@1.0.19","insomnia-app@1.0.20","insomnia-app@1.0.21","insomnia-app@1.0.22","insomnia-app@1.0.23","insomnia-app@1.0.24","insomnia-app@1.0.25","insomnia-app@1.0.26","insomnia-app@1.0.27","insomnia-app@1.0.31","insomnia-app@1.0.32","insomnia-app@1.0.33","insomnia-app@1.0.34","insomnia-app@1.0.35","insomnia-app@1.0.36","insomnia-app@1.0.37","insomnia-app@1.0.38","insomnia-app@1.0.39","insomnia-app@1.0.40","insomnia-app@1.0.46","insomnia-app@1.0.47","insomnia-app@1.0.48","insomnia-app@1.1.0","insomnia-app@1.1.12","insomnia-app@1.1.13","insomnia-app@1.1.14","insomnia-app@1.1.15","insomnia-app@1.1.2","insomnia-app@1.1.3","insomnia-app@1.1.4","insomnia-app@1.1.5","insomnia-app@1.1.6","insomnia-app@1.1.7","insomnia-app@1.1.8","insomnia-cookies@0.0.11","insomnia-cookies@0.0.13","insomnia-cookies@0.0.15","insomnia-cookies@0.0.16","insomnia-cookies@0.0.17","insomnia-cookies@0.0.21","insomnia-cookies@0.0.22","insomnia-cookies@0.0.5","insomnia-cookies@0.0.6","insomnia-cookies@0.0.7","insomnia-httpsnippet@1.16.10","insomnia-httpsnippet@1.16.11","insomnia-httpsnippet@1.16.12","insomnia-httpsnippet@1.16.16","insomnia-httpsnippet@1.16.17","insomnia-httpsnippet@1.16.19","insomnia-httpsnippet@1.16.21","insomnia-httpsnippet@1.16.8","insomnia-httpsnippet@1.16.9","insomnia-importers@2.0.1","insomnia-importers@2.0.10","insomnia-importers@2.0.11","insomnia-importers@2.0.12","insomnia-importers@2.0.14","insomnia-importers@2.0.16","insomnia-importers@2.0.17","insomnia-importers@2.0.18","insomnia-importers@2.0.19","insomnia-importers@2.0.20","insomnia-importers@2.0.24","insomnia-importers@2.0.25","insomnia-importers@2.0.26","insomnia-importers@2.0.3","insomnia-importers@2.0.4","insomnia-importers@2.0.5","insomnia-importers@2.0.6","insomnia-libcurl@0.0.10","insomnia-libcurl@0.0.12","insomnia-libcurl@0.0.13","insomnia-libcurl@0.0.14","insomnia-libcurl@0.0.15","insomnia-libcurl@0.0.16","insomnia-libcurl@0.0.22","insomnia-libcurl@0.0.24","insomnia-libcurl@0.0.26","insomnia-libcurl@0.0.27","insomnia-libcurl@0.0.28","insomnia-libcurl@0.0.32","insomnia-libcurl@0.0.33","insomnia-libcurl@0.0.4","insomnia-libcurl@0.0.5","insomnia-libcurl@0.0.6","insomnia-libcurl@0.0.7","insomnia-libcurl@0.0.8","insomnia-libcurl@0.0.9","insomnia-plugin-base64@1.0.10","insomnia-plugin-base64@1.0.13","insomnia-plugin-base64@1.0.4","insomnia-plugin-base64@1.0.5","insomnia-plugin-base64@1.0.7","insomnia-plugin-base64@1.0.9","insomnia-plugin-cookie-jar@1.0.1","insomnia-plugin-cookie-jar@1.0.11","insomnia-plugin-cookie-jar@1.0.12","insomnia-plugin-cookie-jar@1.0.13","insomnia-plugin-cookie-jar@1.0.14","insomnia-plugin-cookie-jar@1.0.15","insomnia-plugin-cookie-jar@1.0.19","insomnia-plugin-cookie-jar@1.0.2","insomnia-plugin-cookie-jar@1.0.20","insomnia-plugin-cookie-jar@1.0.6","insomnia-plugin-cookie-jar@1.0.7","insomnia-plugin-cookie-jar@1.0.9","insomnia-plugin-core-themes@1.0.12","insomnia-plugin-core-themes@1.0.13","insomnia-plugin-core-themes@1.0.4","insomnia-plugin-core-themes@1.0.6","insomnia-plugin-core-themes@1.0.8","insomnia-plugin-core-themes@1.0.9","insomnia-plugin-default-headers@1.1.10","insomnia-plugin-default-headers@1.1.11","insomnia-plugin-default-headers@1.1.14","insomnia-plugin-default-headers@1.1.6","insomnia-plugin-default-headers@1.1.7","insomnia-plugin-default-headers@1.1.8","insomnia-plugin-file@1.0.10","insomnia-plugin-file@1.0.11","insomnia-plugin-file@1.0.14","insomnia-plugin-file@1.0.4","insomnia-plugin-file@1.0.6","insomnia-plugin-file@1.0.8","insomnia-plugin-hash@1.0.10","insomnia-plugin-hash@1.0.11","insomnia-plugin-hash@1.0.14","insomnia-plugin-hash@1.0.4","insomnia-plugin-hash@1.0.5","insomnia-plugin-hash@1.0.6","insomnia-plugin-hash@1.0.8","insomnia-plugin-jsonpath@1.0.1","insomnia-plugin-jsonpath@1.0.10","insomnia-plugin-jsonpath@1.0.11","insomnia-plugin-jsonpath@1.0.13","insomnia-plugin-jsonpath@1.0.15","insomnia-plugin-jsonpath@1.0.16","insomnia-plugin-jsonpath@1.0.17","insomnia-plugin-jsonpath@1.0.18","insomnia-plugin-jsonpath@1.0.2","insomnia-plugin-jsonpath@1.0.22","insomnia-plugin-jsonpath@1.0.23","insomnia-plugin-jsonpath@1.0.3","insomnia-plugin-jsonpath@1.0.4","insomnia-plugin-jsonpath@1.0.5","insomnia-plugin-jsonpath@1.0.6","insomnia-plugin-now@1.0.10","insomnia-plugin-now@1.0.12","insomnia-plugin-now@1.0.14","insomnia-plugin-now@1.0.15","insomnia-plugin-now@1.0.16","insomnia-plugin-now@1.0.20","insomnia-plugin-now@1.0.21","insomnia-plugin-now@1.0.4","insomnia-plugin-now@1.0.5","insomnia-plugin-now@1.0.6","insomnia-plugin-os@1.0.12","insomnia-plugin-os@1.0.14","insomnia-plugin-os@1.0.16","insomnia-plugin-os@1.0.17","insomnia-plugin-os@1.0.18","insomnia-plugin-os@1.0.22","insomnia-plugin-os@1.0.23","insomnia-plugin-os@1.0.5","insomnia-plugin-os@1.0.6","insomnia-plugin-os@1.0.7","insomnia-plugin-os@1.0.8","insomnia-plugin-prompt@1.0.8","insomnia-plugin-prompt@1.0.9","insomnia-plugin-prompt@1.1.1","insomnia-plugin-prompt@1.1.10","insomnia-plugin-prompt@1.1.12","insomnia-plugin-prompt@1.1.13","insomnia-plugin-prompt@1.1.14","insomnia-plugin-prompt@1.1.15","insomnia-plugin-prompt@1.1.18","insomnia-plugin-prompt@1.1.2","insomnia-plugin-prompt@1.1.3","insomnia-plugin-prompt@1.1.4","insomnia-plugin-prompt@1.1.5","insomnia-plugin-prompt@1.1.6","insomnia-plugin-prompt@1.1.8","insomnia-plugin-request@1.0.10","insomnia-plugin-request@1.0.11","insomnia-plugin-request@1.0.12","insomnia-plugin-request@1.0.16","insomnia-plugin-request@1.0.17","insomnia-plugin-request@1.0.19","insomnia-plugin-request@1.0.21","insomnia-plugin-request@1.0.22","insomnia-plugin-request@1.0.23","insomnia-plugin-request@1.0.24","insomnia-plugin-request@1.0.28","insomnia-plugin-request@1.0.29","insomnia-plugin-request@1.0.6","insomnia-plugin-request@1.0.8","insomnia-plugin-request@1.0.9","insomnia-plugin-response@1.0.10","insomnia-plugin-response@1.0.14","insomnia-plugin-response@1.0.15","insomnia-plugin-response@1.0.17","insomnia-plugin-response@1.0.19","insomnia-plugin-response@1.0.20","insomnia-plugin-response@1.0.21","insomnia-plugin-response@1.0.22","insomnia-plugin-response@1.0.23","insomnia-plugin-response@1.0.24","insomnia-plugin-response@1.0.28","insomnia-plugin-response@1.0.29","insomnia-plugin-response@1.0.7","insomnia-plugin-response@1.0.8","insomnia-plugin-response@1.0.9","insomnia-plugin-uuid@1.0.11","insomnia-plugin-uuid@1.0.13","insomnia-plugin-uuid@1.0.14","insomnia-plugin-uuid@1.0.15","insomnia-plugin-uuid@1.0.19","insomnia-plugin-uuid@1.0.20","insomnia-plugin-uuid@1.0.4","insomnia-plugin-uuid@1.0.5","insomnia-plugin-uuid@1.0.9","insomnia-prettify@0.1.10","insomnia-prettify@0.1.11","insomnia-prettify@0.1.14","insomnia-prettify@0.1.3","insomnia-prettify@0.1.4","insomnia-prettify@0.1.5","insomnia-prettify@0.1.6","insomnia-prettify@0.1.8","insomnia-url@0.1.10","insomnia-url@0.1.13","insomnia-url@0.1.3","insomnia-url@0.1.5","insomnia-url@0.1.7","insomnia-url@0.1.9","insomnia-xpath@1.0.1","insomnia-xpath@1.0.10","insomnia-xpath@1.0.12","insomnia-xpath@1.0.13","insomnia-xpath@1.0.14","insomnia-xpath@1.0.18","insomnia-xpath@1.0.19","insomnia-xpath@1.0.2","insomnia-xpath@1.0.3","insomnia-xpath@1.0.4","insomnia-xpath@1.0.8","lib@2.2.10","lib@2.2.11","lib@2.2.12","lib@2.2.13","lib@2.2.14","lib@2.2.15","lib@2.2.16","lib@2.2.17","lib@2.2.18","lib@2.2.19","lib@2.2.2","lib@2.2.20","lib@2.2.21","lib@2.2.29","lib@2.2.3","lib@2.2.30","lib@2.2.36-beta","lib@2.2.4","lib@2.2.6","lib@2.2.8","lib@3.18.0","pkg-v2.1.2","pkg-v2.1.3","pkg-v2.1.4","pkg-v2.1.5","pkg-v2.1.6","test-13","v2.1.0","v2.1.1","v3.0.11","v3.0.12","v3.18.0","v3.2.2","v3.2.3","v4.0.0","v5.0.0","v5.0.1","v5.0.12","v5.0.2","v5.0.20","v5.0.3","v5.0.4","v5.0.5","v5.10.1","v5.11.0","v5.11.5","v5.11.7","v5.12.0","v5.12.0-beta.2","v5.12.0-beta.3","v5.12.1","v5.12.3","v5.12.4","v5.12.4-beta.2","v5.14.3","v5.14.6","v5.14.7","v5.14.8","v5.14.9","v5.15.0","v5.16.0","v5.16.1","v5.16.1-2","v5.16.2","v5.16.4","v5.16.5","v5.16.6","v5.2.0","v5.3.0","v5.3.3","v5.3.6","v5.4.0","v5.5.2","v5.6.1","v5.6.3","v5.7.0","v5.7.10","v5.7.11","v5.7.12","v5.7.14","v5.7.4","v5.7.9","v5.8.2","v5.8.3","v5.8.4","v5.9.0","v5.9.2","v5.9.6","v6.0.0","v6.0.0-beta.1","v6.0.0-beta.2","v6.0.1","v6.0.2","v6.0.3-beta.1","v6.2.0","v6.2.3","v6.3.0","v6.3.1","v6.3.2","v6.4.0","v6.4.1","v6.4.2","v6.5.0","v6.5.1","v6.5.3","v6.5.4","v6.6.0","v7.0.4","v7.0.4-beta.4","v7.0.4-beta.5","v7.0.4-beta.6","v7.0.5","v7.0.6","v7.1.0","v7.1.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-40299.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}