CVE-2023-1004

Опубликовано: 24 фев. 2023

Источник: nvd

CVSS3: 5.3

CVSS3: 7.8

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.

Ссылки

https://github.com/marktext/marktext/issues/3575
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.221737
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221737
Permissions Required
Third Party Advisory
https://github.com/marktext/marktext/issues/3575
Exploit
Issue Tracking
Third Party Advisory
https://vuldb.com/?ctiid.221737
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221737
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:marktext:marktext:*:*:*:*:*:*:*:*

Версия до 0.17.1 (включая)

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-94

Связанные уязвимости

GHSA-7p66-mwq8-x35w

CVSS3: 7.8

github

почти 3 года назад

A vulnerability has been found in MarkText up to 0.17.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the component WSH JScript Handler. The manipulation leads to code injection. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-221737 was assigned to this vulnerability.

EPSS

Процентиль: 14%

0.00046

Низкий

5.3 Medium

CVSS3

7.8 High

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-94