CVE-2020-15660

Опубликовано: 20 июл. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.8

CVSS3: 8.8

Описание

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	DNE
esm-apps/bionic	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
hirsute	DNE
impish	DNE
jammy	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	DNE
esm-apps/focal	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/bionic	not-affected
focal	not-affected
hirsute	DNE
impish	DNE
jammy	DNE
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-infra-legacy/trusty	DNE
esm-infra/focal	not-affected
focal	not-affected
hirsute	DNE
impish	DNE
jammy	DNE
trusty	DNE
trusty/esm	DNE

Показывать по

Релиз	Статус	Примечание
bionic	DNE
devel	not-affected
esm-apps/jammy	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	DNE
hirsute	not-affected
impish	not-affected
jammy	not-affected
trusty	DNE

Показывать по

Релиз	Статус	Примечание
bionic	not-affected
devel	not-affected
esm-infra-legacy/trusty	DNE
esm-infra/focal	DNE
focal	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
trusty	ignored	end of standard support
trusty/esm	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 67%

0.0054

Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

CVE-2020-15660

CVSS3: 8.8

redhat

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

nvd

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

CVE-2020-15660

CVSS3: 8.8

debian

больше 4 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...

GHSA-jxv7-gvxq-248q

github

больше 3 лет назад

Missing checks on Content-Type headers in geckodriver before 0.27.0 could lead to a CSRF vulnerability, that might, when paired with a specifically prepared request, lead to remote code execution.

EPSS

Процентиль: 67%

0.0054

Низкий

6.8 Medium

CVSS2

8.8 High

CVSS3

CVE-2020-15660

Описание

Пакет firefox

Пакет mozjs38

Пакет mozjs52

Пакет mozjs68

Пакет mozjs78

Пакет thunderbird

Ссылки на источники

Связанные уязвимости