Enhancement: cves/2020/CVE-2020-26217.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-12 14:43:08 -04:00
parent baaa75856f
commit a6989e198e
1 changed files with 5 additions and 2 deletions

@ -5,11 +5,12 @@ info:
author: pwnhxl
severity: high
description: |
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected.
XStream before 1.4.14 is susceptible to remote code execution. An attacker can run arbitrary shell commands by manipulating the processed input stream, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. Users who rely on blocklists are affected.
reference:
- https://x-stream.github.io/CVE-2020-26217.html
- https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
- https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
- https://nvd.nist.gov/vuln/detail/cve-2020-26217
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.8
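Review bot: the rewritten description line changes "Only users who rely on blocklists are affected" to "Users who rely on blocklists are affected", which drops the scope restriction; keep "Only" so that readers can tell that setups not relying on blocklists are out of scope. The added impact clause ("obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site") is generic and speaks of a "site" although the text is about XStream processing an input stream. Suggest trimming it to the command-execution statement, or wording it as the application that processes the stream. The new text also no longer says "remote attacker", while the cvss-metrics line still carries AV:N; keeping "remote" keeps the two consistent.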
@ -88,3 +89,5 @@ requests:
part: interactsh_request
words:
- "User-Agent: {{rand_base(6)}}"
# Enhanced by md on 2023/04/12
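Review bot: the trailing comment "# Enhanced by md on 2023/04/12" puts authorship and date into the template body, where it will go stale and duplicates what the commit metadata already records; suggest dropping it, or moving it into the info block if the project wants it tracked in the file. Separately, the hunk header counts five lines after the change but fewer are visible here, so check that the addition does not leave stray blank lines at the end of the file. The context matcher "User-Agent: {{rand_base(6)}}" is untouched by this change, but since the request side is not shown in this hunk, it is worth confirming that the matcher compares against the same value that was sent rather than a freshly generated one.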