Описание
Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
Ссылки
- Release NotesVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
- Release NotesVendor Advisory
- Third Party Advisory
- ProductVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.1 (исключая)
cpe:2.3:a:inkdrop:inkdrop:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00247
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
github
больше 3 лет назад
Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
EPSS
Процентиль: 48%
0.00247
Низкий
7.8 High
CVSS3
9.3 Critical
CVSS2
Дефекты
CWE-78