PT-2018-18984 · Etherpad+3 · Etherpad+3

Published

2018-04-07

Updated

2018-05-11

CVE-2018-9327

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Etherpad versions 1.5.x through 1.6.3

Description The issue allows an attacker to execute arbitrary code on the server, but only if the instance is configured to use a document database such as DirtyDB, CouchDB, MongoDB, or RethinkDB.

Recommendations For versions 1.5.x through 1.6.3, update to version 1.6.4 or later to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2018-9327

Affected Products

Couchdb

Etherpad

Mongodb

Rethinkdb

PT-2018-18984 · Etherpad+3 · Etherpad+3

CVE-2018-9327

Weakness Enumeration

Related Identifiers

Affected Products

References · 4