2 vulnerabilities by djv_project
CVE-2020-28464 (GCVE-0-2020-28464)
Vulnerability from nvd – Published: 2021-01-04 11:50 – Updated: 2024-09-17 02:27
VLAI
Title
Remote Code Execution (RCE)
Summary
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Severity
9.8 (Critical)
CWE
- Remote Code Execution (RCE) — free-text problem type; the record lists no CWE ID
Assigner
snyk
References
3 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-DJV-1014545 | x_refsource_MISC |
| https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55 | x_refsource_MISC |
| https://github.com/korzio/djv/pull/98/files | x_refsource_MISC |
Date Public
2021-01-04 00:00
Credits
Alessio Della Libera (d3lla)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/korzio/djv/pull/98/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "djv",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera (d3lla)"
}
],
"datePublic": "2021-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T11:50:18.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/korzio/djv/pull/98/files"
}
],
"title": "Remote Code Execution (RCE)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-04T11:45:57.300392Z",
"ID": "CVE-2020-28464",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution (RCE)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "djv",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (d3lla)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DJV-1014545",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"name": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55",
"refsource": "MISC",
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"name": "https://github.com/korzio/djv/pull/98/files",
"refsource": "MISC",
"url": "https://github.com/korzio/djv/pull/98/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28464",
"datePublished": "2021-01-04T11:50:18.411Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:33.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28464 (GCVE-0-2020-28464)
Vulnerability from cvelistv5 – Published: 2021-01-04 11:50 – Updated: 2024-09-17 02:27
VLAI
Title
Remote Code Execution (RCE)
Summary
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Severity
9.8 (Critical)
CWE
- Remote Code Execution (RCE) — free-text problem type; the record lists no CWE ID
Assigner
snyk
References
3 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-DJV-1014545 | x_refsource_MISC |
| https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55 | x_refsource_MISC |
| https://github.com/korzio/djv/pull/98/files | x_refsource_MISC |
Date Public
2021-01-04 00:00
Credits
Alessio Della Libera (d3lla)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:59.562Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/korzio/djv/pull/98/files"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "djv",
"vendor": "n/a",
"versions": [
{
"lessThan": "2.1.4",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera (d3lla)"
}
],
"datePublic": "2021-01-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution (RCE)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-01-04T11:50:18.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/korzio/djv/pull/98/files"
}
],
"title": "Remote Code Execution (RCE)",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-01-04T11:45:57.300392Z",
"ID": "CVE-2020-28464",
"STATE": "PUBLIC",
"TITLE": "Remote Code Execution (RCE)"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "djv",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "2.1.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alessio Della Libera (d3lla)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution (RCE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-DJV-1014545",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-DJV-1014545"
},
{
"name": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55",
"refsource": "MISC",
"url": "https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55"
},
{
"name": "https://github.com/korzio/djv/pull/98/files",
"refsource": "MISC",
"url": "https://github.com/korzio/djv/pull/98/files"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28464",
"datePublished": "2021-01-04T11:50:18.411Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:27:33.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}