PT-2018-18984 · Etherpad+3 · Etherpad+3
Publicado
2018-04-07
·
Atualizado
2018-05-11
·
CVE-2018-9327
CVSS v3.1
8.1
Alta
| Vetor | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Etherpad versions 1.5.x through 1.6.3
Description
The issue allows an attacker to execute arbitrary code on the server, but only if the instance is configured to use a document database such as DirtyDB, CouchDB, MongoDB, or RethinkDB.
Recommendations
For versions 1.5.x through 1.6.3, update to version 1.6.4 or later to resolve the issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Couchdb
Etherpad
Mongodb
Rethinkdb