mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
982 B
982 B
CVE-2020-13651
Description
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.
POC
Reference
- https://know.bishopfox.com/advisories/digdash-version-2018
- https://know.bishopfox.com/advisories/digdash-version-2018
Github
No PoCs found on GitHub currently.