PT-2019-13824 · Verdaccio · Verdaccio

Evilpacket

Publicado

2019-05-29

Atualizado

2019-08-13

CVE-2019-14772

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions verdaccio versions prior to 3.12.0

Description The issue is a Cross-Site Scripting (XSS) vulnerability, where malicious packages with JavaScript content can be executed in the User Interface, potentially stealing user credentials.

Recommendations For versions prior to 3.12.0, upgrade to version 3.12.0 or later, or migrate to a major version 4.0.0 or later to fix the issue. At the moment, there is no workaround available without upgrading.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-14772

GHSA-78J5-GCMF-VQC8

Produtos afetados

Verdaccio

PT-2019-13824 · Verdaccio · Verdaccio

CVE-2019-14772

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7