CVE-2020-24742

Опубликовано: 09 авг. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 6.8

EPSS Низкий

Описание

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

Ссылки

https://codereview.qt-project.org/c/qt/qtbase/+/280730
Patch
Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/280730
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Версия от 5.6.0 (включая) до 5.12.7 (исключая)

cpe:2.3:a:qt:qt:*:*:*:*:*:*:*:*

Версия от 5.13.0 (включая) до 5.13.2 (включая)

EPSS

Процентиль: 68%

0.00569

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-24742

CVSS3: 7.8

ubuntu

больше 4 лет назад

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

CVE-2020-24742

CVSS3: 7.8

redhat

больше 4 лет назад

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

CVE-2020-24742

CVSS3: 7.8

msrc

около 4 лет назад

Описание отсутствует

CVE-2020-24742

CVSS3: 7.8

debian

больше 4 лет назад

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...

GHSA-r23c-fjj8-522c

github

больше 3 лет назад

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.

EPSS

Процентиль: 68%

0.00569

Низкий

7.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

NVD-CWE-noinfo