exploitDog

CVE-2020-27224

Опубликовано: 24 фев. 2021

Источник: nvd

CVSS3: 9.6

CVSS2: 9.3

EPSS Низкий

Описание

In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview), can be exploited to execute arbitrary code.

Ссылки

https://github.com/eclipse-theia/theia/issues/7954
Exploit
Issue Tracking
Third Party Advisory
https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/
Exploit
Third Party Advisory
https://github.com/eclipse-theia/theia/issues/7954
Exploit
Issue Tracking
Third Party Advisory
https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:theia:*:*:*:*:*:*:*:*

Версия до 1.2.0 (включая)

EPSS

Процентиль: 75%

0.009

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-79

CWE-79

Связанные уязвимости

GHSA-gcm9-cc3r-c6vj

CVSS3: 9.6

github

почти 5 лет назад

Cross-site Scripting (XSS) in Eclipse Theia

EPSS

Процентиль: 75%

0.009

Низкий

9.6 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-79

CWE-79