Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-q2xp-75m7-gv52

Опубликовано: 02 апр. 2019
Источник: github
Github: Прошло ревью
CVSS3: 9.8

Описание

Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

Ссылки

Пакеты

Наименование

net.sf.robocode:robocode.host

maven
Затронутые версииВерсия исправления

<= 1.9.3.5

1.9.3.7

EPSS

Процентиль: 72%
0.00726
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10648

Дефекты

CWE-20
CWE-862

Связанные уязвимости

ubuntu логотип

CVE-2019-10648

CVSS3: 9.8
ubuntu
почти 7 лет назад

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

nvd логотип

CVE-2019-10648

CVSS3: 9.8
nvd
почти 7 лет назад

Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.

debian логотип

CVE-2019-10648

CVSS3: 9.8
debian
почти 7 лет назад

Robocode through 1.9.3.5 allows remote attackers to cause external ser ...

EPSS

Процентиль: 72%
0.00726
Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2019-10648

Дефекты

CWE-20
CWE-862