CVE-2020-15660

Опубликовано: 20 июл. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

Ссылки

http://www.openwall.com/lists/oss-security/2022/02/07/3
Mailing List
Third Party Advisory
https://github.com/mozilla/geckodriver/releases/tag/v0.27.0
Release Notes
Third Party Advisory
http://www.openwall.com/lists/oss-security/2022/02/07/3
Mailing List
Third Party Advisory
https://github.com/mozilla/geckodriver/releases/tag/v0.27.0
Release Notes
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mozilla:geckodriver:*:*:*:*:*:*:*:*

Версия до 0.27.0 (исключая)

EPSS

Процентиль: 67%

0.0054

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

CVE-2020-15660

CVSS3: 8.8

ubuntu

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

redhat

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

debian

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...

GHSA-jxv7-gvxq-248q

github

больше 3 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

EPSS

Процентиль: 67%

0.0054

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352