exploitDog

CVE-2023-31874

Опубликовано: 29 мая 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').

Ссылки

http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:yank-note:yank_note:3.52.1:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01243

Низкий

8.8 High

CVSS3

Дефекты

CWE-732

CWE-732

Связанные уязвимости

GHSA-h9q7-4jwx-94m6

CVSS3: 8.8

github

больше 2 лет назад

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').

EPSS

Процентиль: 79%

0.01243

Низкий

8.8 High

CVSS3

Дефекты

CWE-732

CWE-732