CVE-2020-15150

Опубликовано: 01 сент. 2020

Источник: nvd

CVSS3: 9

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

Ссылки

https://github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b2dc/README.md#security-considerations
Third Party Advisory
https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8
Patch
Third Party Advisory
https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj
Third Party Advisory
https://hex.pm/packages/paginator
Product
https://github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b2dc/README.md#security-considerations
Third Party Advisory
https://github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8
Patch
Third Party Advisory
https://github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj
Third Party Advisory
https://hex.pm/packages/paginator
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:duffel:paginator:*:*:*:*:*:elixir:*:*

Версия до 1.0.0 (исключая)

EPSS

Процентиль: 90%

0.05345

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-w98m-2xqg-9cvj

github

почти 4 года назад

Remote Code Execution in paginator

EPSS

Процентиль: 90%

0.05345

Низкий

9 Critical

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-94