
{
"id": "CVE-2020-15271",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-10-26T18:15:14.480",
"lastModified": "2024-11-21T05:05:14.360",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in \"terminal\" and \"file_loader\" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme."
},
{
"lang": "es",
"value": "En lookatme (paquete python/pypi) versiones anteriores a 2.3.0, el paquete cargaba autom\u00e1ticamente las extensiones integradas \"terminal\" y \"file_loader\". Los usuarios que usan lookatme para renderizar markdown que no es de confianza pueden sufrir la ejecuci\u00f3n autom\u00e1tica de comandos de shell maliciosos en su sistema. Esto es corregido en la versi\u00f3n 2.3.0. Como soluci\u00f3n alternativa, los archivos \"lookatme/contrib/terminal.py\" y \"lookatme/contrib/file_loader.py\" pueden ser eliminados manualmente. Adem\u00e1s, es siempre recomendado estar al tanto de lo que se est\u00e1 renderizando con lookatme."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"baseScore": 9.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": true
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lookatme_project:lookatme:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "FD795181-94C0-4D6E-BD09-B2F5B2D6A584"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/pull/110",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pypi.org/project/lookatme/#history",
"source": "security-advisories@github.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/pull/110",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/releases/tag/v2.3.0",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://pypi.org/project/lookatme/#history",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
]
}
]
}