exploitDog

CVE-2019-9785

Опубликовано: 14 мар. 2019

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.

Ссылки

https://github.com/CCCCCrash/POCs/tree/master/Web/gitnote
Exploit
Third Party Advisory
https://github.com/zhaopengme/gitnote/issues/209
Exploit
Third Party Advisory
https://github.com/CCCCCrash/POCs/tree/master/Web/gitnote
Exploit
Third Party Advisory
https://github.com/zhaopengme/gitnote/issues/209
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitnoteapp:gitnote:3.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00536

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-x4cr-8fcr-8qvc

CVSS3: 7.8

github

больше 3 лет назад

gitnote 3.1.0 allows remote attackers to execute arbitrary code via a crafted Markdown file, as demonstrated by a javascript:window.parent.top.require('child_process').execFile substring in the onerror attribute of an IMG element.

EPSS

Процентиль: 67%

0.00536

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-78