PT-2010-1837 · Uzbl · Uzbl
Simon Lipp
·
Published
2010-02-25
·
Updated
2017-08-17
·
CVE-2010-0011
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Uzbl versions prior to 2010.01.05
Description
The issue concerns the eval js function in uzbl-core.c, which exposes the run method of the Uzbl object. This allows remote attackers to execute arbitrary commands via JavaScript code.
Recommendations
For versions prior to 2010.01.05, update to version 2010.01.05 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Uzbl