exploitDog

CVE-2017-6199

Опубликовано: 06 фев. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

Ссылки

https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/
Exploit
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/blob/v0.202/shell/packages/sandstorm-db/db.js#L1112
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/commit/37bd9a7f4eb776cdc2d3615f0bfea1254b66f59d
Patch
Third Party Advisory
https://sandstorm.io/news/2017-03-02-security-review
Vendor Advisory
https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/
Exploit
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/blob/v0.202/shell/packages/sandstorm-db/db.js#L1112
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/commit/37bd9a7f4eb776cdc2d3615f0bfea1254b66f59d
Patch
Third Party Advisory
https://sandstorm.io/news/2017-03-02-security-review
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sandstorm:sandstorm:*:*:*:*:*:*:*:*

Версия до 0.203 (исключая)

EPSS

Процентиль: 26%

0.00089

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-hwf7-pj3r-v27q

CVSS3: 9.8

github

больше 3 лет назад

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

EPSS

Процентиль: 26%

0.00089

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-287