CVE-2020-15660

Опубликовано: 29 июл. 2021

Источник: redhat

CVSS3: 8.8

EPSS Низкий

Описание

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

A flaw was found in GeckoDriver when specific requests are missing checks on Content-Type headers. This flaw allows an attacker to perform remote code execution.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Advanced Cluster Management for Kubernetes 2	geckodriver	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2041813geckodriver: missing checks on Content-Type headers leads to CSRF

EPSS

Процентиль: 67%

0.0054

Низкий

8.8 High

CVSS3

Связанные уязвимости

CVE-2020-15660

CVSS3: 8.8

ubuntu

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

nvd

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

debian

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...

GHSA-jxv7-gvxq-248q

github

больше 3 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

EPSS

Процентиль: 67%

0.0054

Низкий

8.8 High

CVSS3