
Cloud Vulnerability DB
A community-led vulnerabilities database
Mist, the command-line interface for the makedeb Package Repository, contained a security vulnerability (CVE-2022-39245) in all versions before 0.9.5. The vulnerability was discovered and disclosed on September 26, 2022. The issue involved potential exploitation through a user-provided sudo binary located via the PATH variable (GitHub Advisory).
The vulnerability is classified with CWE-305 and received a High severity rating. The technical issue stems from the application's handling of the sudo binary, where it previously relied on the PATH variable to locate the sudo executable instead of using the absolute path (/usr/bin/sudo). This implementation could allow for path manipulation attacks (GitHub Commit).
If exploited, this vulnerability could allow a local user to execute arbitrary commands with root permissions on the affected system, leading to complete system compromise through privilege escalation (GitHub Advisory).
The vulnerability was patched in Mist version 0.9.5, released on September 25, 2022. The fix involves using the absolute path to the sudo binary (/usr/bin/sudo) instead of relying on PATH resolution. Users are strongly advised to upgrade to version 0.9.5 or later, as no alternative workarounds exist (GitHub Release).
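The difference between PATH resolution and the absolute path, as an added Rust example that is not Mist's own code. The helper names `resolve_in_path`, `path_lookup_diverges` and `sudo_command` are hypothetical, and the PATH walk only approximates what the OS does for a bare program name.

```rust
use std::env;
use std::fs;
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};
use std::process::Command;

// Absolute path named in the advisory as the fixed location of sudo.
const SUDO: &str = "/usr/bin/sudo";

// Approximation of the executable check: regular file with any execute bit set.
fn is_executable(p: &Path) -> bool {
    fs::metadata(p)
        .map(|m| m.is_file() && m.permissions().mode() & 0o111 != 0)
        .unwrap_or(false)
}

// Walk PATH in order, as a bare program name does: the first match wins.
fn resolve_in_path(name: &str, path_var: &str) -> Option<PathBuf> {
    env::split_paths(path_var)
        .map(|dir| dir.join(name))
        .find(|candidate| is_executable(candidate))
}

// Resolve symlinks where possible so /bin/sudo on merged-/usr systems is not flagged.
fn canon(p: &Path) -> PathBuf {
    fs::canonicalize(p).unwrap_or_else(|_| p.to_path_buf())
}

// Audit check: would a bare `sudo` lookup under this PATH run something other than SUDO?
fn path_lookup_diverges(path_var: &str) -> bool {
    match resolve_in_path("sudo", path_var) {
        Some(found) => canon(&found) != canon(Path::new(SUDO)),
        None => false,
    }
}

// Hardened form: the program is an absolute path, so PATH plays no part in locating it.
fn sudo_command(args: &[&str]) -> Command {
    let mut cmd = Command::new(SUDO);
    cmd.args(args);
    cmd
}

fn main() {
    let path_var = env::var("PATH").unwrap_or_default();
    println!("bare `sudo` resolves to: {:?}", resolve_in_path("sudo", &path_var));
    println!("diverges from {}: {}", SUDO, path_lookup_diverges(&path_var));
    println!("hardened program: {:?}", sudo_command(&["-v"]).get_program());
}
```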
Source: This report was generated using AI