Описание
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
Ссылки
- ExploitIssue TrackingRelease NotesThird Party Advisory
- ExploitIssue TrackingRelease NotesThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:clash_project:clash:0.19.8:*:*:*:*:windows:*:*
EPSS
Процентиль: 78%
0.01119
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column.
EPSS
Процентиль: 78%
0.01119
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-79