cvelist/2020/15xxx/CVE-2020-15227.json

{
    "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-15227",
        "STATE": "PUBLIC",
        "TITLE": "Remote Code Execution vulnerability"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "application",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_value": ">= 2.0.0, < 2.0.19"
                                        },
                                        {
                                            "version_value": ">= 2.1.0, < 2.1.13"
                                        },
                                        {
                                            "version_value": ">= 2.2.0, < 2.2.10"
                                        },
                                        {
                                            "version_value": ">= 2.3.0, < 2.3.14"
                                        },
                                        {
                                            "version_value": ">= 2.4.0, < 2.4.16"
                                        },
                                        {
                                            "version_value": ">= 3.0.0, < 3.0.6"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "nette"
                }
            ]
        }
    },
    "data_format": "MITRE",
    "data_type": "CVE",
    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework."
            }
        ]
    },
    "impact": {
        "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "name": "https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94",
                "refsource": "CONFIRM",
                "url": "https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94"
            },
            {
                "refsource": "MISC",
                "url": "https://packagist.org/packages/nette/application",
                "name": "https://packagist.org/packages/nette/application"
            },
            {
                "refsource": "MISC",
                "url": "https://packagist.org/packages/nette/nette",
                "name": "https://packagist.org/packages/nette/nette"
            },
            {
                "refsource": "MLIST",
                "name": "[debian-lts-announce] 20210404 [SECURITY] [DLA 2617-1] php-nette security update",
                "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html"
            }
        ]
    },
    "source": {
        "advisory": "GHSA-8gv3-3j7f-wg94",
        "discovery": "UNKNOWN"
    }
}
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`{`
			`"CVE_data_meta": {`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`"ASSIGNER": "security-advisories@github.com",`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`"ID": "CVE-2020-15227",`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`"STATE": "PUBLIC",`
			`"TITLE": "Remote Code Execution vulnerability"`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`},`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "application",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_value": ">= 2.0.0, < 2.0.19"`
			`},`
			`{`
			`"version_value": ">= 2.1.0, < 2.1.13"`
			`},`
			`{`
			`"version_value": ">= 2.2.0, < 2.2.10"`
			`},`
			`{`
			`"version_value": ">= 2.3.0, < 2.3.14"`
			`},`
			`{`
			`"version_value": ">= 2.4.0, < 2.4.16"`
			`},`
			`{`
			`"version_value": ">= 3.0.0, < 3.0.6"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "nette"`
			`}`
			`]`
			`}`
			`},`
			`"data_format": "MITRE",`
			`"data_type": "CVE",`
			`"data_version": "4.0",`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2020-10-01 20:01:37 +00:00			`"value": "Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework."`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`}`
			`]`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`},`
			`"impact": {`
			`"cvss": {`
			`"attackComplexity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"availabilityImpact": "NONE",`
			`"baseScore": 8.7,`
			`"baseSeverity": "HIGH",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "HIGH",`
			`"privilegesRequired": "NONE",`
			`"scope": "CHANGED",`
			`"userInteraction": "NONE",`
			`"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",`
			`"version": "3.1"`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
			`"name": "https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94",`
			`"refsource": "CONFIRM",`
			`"url": "https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94"`
			`},`
			`{`
			`"refsource": "MISC",`
"-Synchronized-Data." 2020-10-01 20:01:37 +00:00			`"url": "https://packagist.org/packages/nette/application",`
			`"name": "https://packagist.org/packages/nette/application"`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`},`
			`{`
			`"refsource": "MISC",`
"-Synchronized-Data." 2020-10-01 20:01:37 +00:00			`"url": "https://packagist.org/packages/nette/nette",`
			`"name": "https://packagist.org/packages/nette/nette"`
"-Synchronized-Data." 2021-04-04 14:00:38 +00:00			`},`
			`{`
			`"refsource": "MLIST",`
			`"name": "[debian-lts-announce] 20210404 [SECURITY] [DLA 2617-1] php-nette security update",`
			`"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html"`
Add CVE-2020-15227 for GHSA-8gv3-3j7f-wg94 2020-10-01 12:55:58 -06:00			`}`
			`]`
			`},`
			`"source": {`
			`"advisory": "GHSA-8gv3-3j7f-wg94",`
			`"discovery": "UNKNOWN"`
"-Synchronized-Data." 2020-06-25 17:01:46 +00:00			`}`
			`}`