Headline
CVE-2022-23853: Kate
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened. This behaviour was never intended; it results from a misunderstanding of the QProcess API. The directory of the opened file can be an untrusted directory.
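The lookup rule that avoids this class of bug, as an added example in standard C++17 (not Kate's, KTextEditor's or Qt's code): resolve the server command to an absolute path from absolute PATH entries only, and fail when nothing is found. The names `resolveServerBinary`, `makeDemoLayout`, `demo-lsp` and `planted-lsp` are hypothetical, the directory layout is constructed for the demonstration, and a POSIX-style `:`-separated PATH is assumed.

```cpp
#include <filesystem>
#include <fstream>
#include <optional>
#include <sstream>
#include <string>

namespace fs = std::filesystem;

// Hypothetical helper (not Kate's or Qt's API): resolve an LSP server command
// to an absolute path using only the absolute directories listed in PATH.
std::optional<fs::path> resolveServerBinary(const std::string& name,
                                            const std::string& pathEnv) {
    if (name.empty() || name.find('/') != std::string::npos)
        return std::nullopt;  // bare program names only, no relative paths
    const fs::perms anyExec = fs::perms::owner_exec | fs::perms::group_exec |
                              fs::perms::others_exec;
    std::istringstream dirs(pathEnv);
    std::string dir;
    while (std::getline(dirs, dir, ':')) {
        fs::path base(dir);
        if (!base.is_absolute()) continue;  // "" or "." would mean the cwd
        std::error_code ec;
        fs::file_status st = fs::status(base / name, ec);
        // Simplified executability check: regular file with an execute bit.
        if (!ec && fs::is_regular_file(st) &&
            (st.permissions() & anyExec) != fs::perms::none)
            return base / name;
    }
    return std::nullopt;  // not found: fail, never fall back to the cwd
}

// Constructed layout: <tmp>/lsp-resolve-demo/trusted holds "demo-lsp"; .../project
// (standing in for the opened file's directory) holds "planted-lsp" and becomes the cwd.
fs::path makeDemoLayout() {
    fs::path root = fs::temp_directory_path() / "lsp-resolve-demo";
    fs::remove_all(root);
    const char* files[][2] = {{"trusted", "demo-lsp"}, {"project", "planted-lsp"}};
    for (auto& f : files) {
        fs::create_directories(root / f[0]);
        std::ofstream(root / f[0] / f[1]) << "#!/bin/sh\n";
        fs::permissions(root / f[0] / f[1], fs::perms::owner_all);
    }
    fs::current_path(root / "project");
    return root;
}

int main() {  // exit code 0 when the planted binary is not picked up
    std::string path = (makeDemoLayout() / "trusted").string() + "::.";
    return resolveServerBinary("planted-lsp", path) ? 1 : 0;
}
```

In Qt code, `QStandardPaths::findExecutable` performs a comparable PATH lookup and returns an empty string when nothing is found, so the caller can refuse to start the process instead of passing a bare name on.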
Kate is a multi-document, multi-view text editor by KDE. It features code folding, syntax highlighting, dynamic word wrap, an embedded console, an extensive plugin interface and some preliminary scripting support.
Features:
- MDI, window splitting, window tabbing
- Spell checking
- CR, CRLF, LF newline support
- Encoding support (utf-8, utf-16, ascii etc.)
- Encoding conversion
- Regular expression based find & replace
- Powerful syntax highlighting and bracket matching
- Code and text folding
- Infinite undo/redo support
- Block selection mode
- Auto indentation
- Auto completion support
- Shell integration
- Wide protocol support (http, ftp, ssh, webdav etc.) using kioslaves
- Plugin architecture for the application and editor component
- Customizable shortcuts
- Integrated command line
- Scriptable using JavaScript
Kate can be installed from Discover and other AppStream application stores, or with your distribution’s package manager.
Kate Windows installers are also available to download from the binary-factory. These versions don’t contain the translations and are intended for testing purposes. Get involved and help us make them better!
- Stable version. Generated from the latest version of the stable branch. Contains the latest bugfixes.
- Unstable version. Generated from the latest version of the development branch.
Releases
21.12.2 2022-02-03
21.12.1 2022-01-06
21.12.0 2021-12-09
21.08.3 2021-11-04
Extensions