exploitDog

CVE-2023-28394

Опубликовано: 23 мая 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

Ссылки

https://github.com/beekeeper-studio/beekeeper-studio
Product
https://jvn.jp/en/jp/JVN11705010/
Third Party Advisory
https://www.beekeeperstudio.io/
Product
https://github.com/beekeeper-studio/beekeeper-studio
Product
https://jvn.jp/en/jp/JVN11705010/
Third Party Advisory
https://www.beekeeperstudio.io/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:beekeeperstudio:beekeeper-studio:*:*:*:*:*:*:*:*

Версия до 3.9.9 (исключая)

EPSS

Процентиль: 64%

0.0046

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78

Связанные уязвимости

GHSA-wcc7-8mhx-xfg9

CVSS3: 8.8

github

больше 2 лет назад

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is installed. As a result, an arbitrary OS command may be executed as well.

EPSS

Процентиль: 64%

0.0046

Низкий

8.8 High

CVSS3

Дефекты

CWE-78

CWE-78