exploitDog

CVE-2017-18103

Опубликовано: 18 июл. 2018

Источник: nvd

CVSS3: 4.7

CVSS2: 4.3

EPSS Низкий

Описание

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

Ссылки

https://jira.atlassian.com/browse/HTTP-3
Issue Tracking
Vendor Advisory
https://jira.atlassian.com/browse/HTTP-3
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:atlassian:http_library:*:*:*:*:*:*:*:*

Версия до 2.0.2 (исключая)

EPSS

Процентиль: 39%

0.00171

Низкий

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-m3qc-55mg-4c8m

CVSS3: 4.7

github

больше 3 лет назад

The atlassian-http library, as used in various Atlassian products, before version 2.0.2 allows remote attackers to spoof web content in the Mozilla Firefox Browser through uploaded files that have a content-type of application/mathml+xml.

EPSS

Процентиль: 39%

0.00171

Низкий

4.7 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-20