Enhancement: cves/2020/CVE-2020-26217.yaml by md

2023-04-12 14:43:08 -04:00 · 2023-04-12 14:43:08 -04:00 · a6989e198e
parent baaa75856f
commit a6989e198e
1 changed files with 5 additions and 2 deletions
--- a/cves/2020/CVE-2020-26217.yaml
+++ b/cves/2020/CVE-2020-26217.yaml
@ -1,15 +1,16 @@
 id: CVE-2020-26217

 info:
-  name: XStream < 1.4.14 - Remote Code Execution
+  name: XStream <1.4.14 - Remote Code Execution
  author: pwnhxl
  severity: high
  description: |
-    XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected.
+    XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected.
  reference:
    - https://x-stream.github.io/CVE-2020-26217.html
    - https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
    - https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
+    - https://nvd.nist.gov/vuln/detail/cve-2020-26217
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
@ -88,3 +89,5 @@ requests:
        part: interactsh_request
        words:
          - "User-Agent: {{rand_base(6)}}"
+
+# Enhanced by md on 2023/04/12