Описание
Remote Code Execution Vulnerability in Application Inspector
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output. An attacker who exploited it could send sections of the report containing code snippets to an external server.
To exploit the vulnerability, an attacker needs to convince a user to run Application Inspector on source code that includes a malicious third-party component.
The update addresses the vulnerability by adding output encoding to the HTML report blocking an attacker’s ability to initiate a JavaScript action.
Additional details can be found in the Application Inspector project on GitHub.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.
A remote code execution vulnerability exists in Application Inspector version v1.0.23 or earlier when the tool reflects example code snippets from third-party source files into its HTML output, aka 'Remote Code Execution Vulnerability in Application Inspector'.
Уязвимость приложения для анализа исходного кода Microsoft Application Inspector, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код
EPSS