CVE-2020-11000

Опубликовано: 08 апр. 2020

Источник: nvd

CVSS3: 5.7

CVSS3: 6.5

CVSS2: 4.3

EPSS Низкий

Описание

GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2.

Ссылки

https://github.com/luchua-bc/GreenBrowser/commit/5e257e0db4f2a08cf05f00756e5961ee873e481b
Patch
Third Party Advisory
https://github.com/luchua-bc/GreenBrowser/security/advisories/GHSA-7x3j-7x5w-8g7w
Third Party Advisory
https://github.com/luchua-bc/GreenBrowser/commit/5e257e0db4f2a08cf05f00756e5961ee873e481b
Patch
Third Party Advisory
https://github.com/luchua-bc/GreenBrowser/security/advisories/GHSA-7x3j-7x5w-8g7w
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:greenbrowser_project:greenbrowser:*:*:*:*:*:*:*:*

Версия до 1.2 (исключая)

EPSS

Процентиль: 49%

0.00256

Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-939

NVD-CWE-Other

EPSS

Процентиль: 49%

0.00256

Низкий

5.7 Medium

CVSS3

6.5 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-939

NVD-CWE-Other