PT-2019-13058 · Fehelper · Fehelper
Hundan2020 · Published 2019-06-26 · Updated 2020-08-24
CVE-2019-12966
CVSS v3.1 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
FeHelper versions prior to 2019-06-20
Description
FeHelper's JSON format operation allows arbitrary code execution. The formatter evaluates its input as JavaScript rather than parsing it strictly as JSON, so any JavaScript expression embedded in the input is executed with the formatter's privileges as a side effect of formatting. This can be demonstrated with the input
{"a":(function(){confirm(1)})()}
which pops a confirm dialog when formatted; a strict JSON parser would reject this input as a syntax error.
Recommendations
FeHelper versions prior to 2019-06-20 are affected; update to a version released after 2019-06-19 to resolve the issue. Until the update is applied, do not paste untrusted or externally sourced data into the JSON format tool, since formatting alone is enough to trigger execution.
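The following is an added example, not FeHelper's own code. It reconstructs the vulnerability class behind this advisory: a "lenient" JSON formatter that hands its input to the JavaScript engine (here via new Function, which is an assumption about the mechanism; the advisory's PoC only works if the input is evaluated as JavaScript) next to a hardened formatter built on JSON.parse. The function names, the confirm() stub and the side-effect log are constructed for illustration; the PoC string is the one from the advisory.

```javascript
// Added example (not FeHelper's code): vulnerable vs. hardened JSON formatting.
// Names such as formatJsonUnsafe/formatJsonSafe and sideEffects are assumptions.

// Stand-in for the browser's confirm(): records every call the evaluated input
// makes instead of showing a dialog, so the example runs under Node as well.
const sideEffects = [];
globalThis.confirm = (msg) => {
  sideEffects.push(`confirm(${msg})`);
  return true;
};

// Vulnerable pattern: accept "JSON-like" text (unquoted keys, trailing commas,
// comments) by letting the JavaScript engine evaluate it. Any expression in
// value position is executed before the result is pretty-printed.
function formatJsonUnsafe(text) {
  const value = new Function("return (" + text + ");")(); // evaluates input as JS
  return JSON.stringify(value, null, 2);
}

// Hardened form: JSON.parse only accepts the JSON grammar. A JavaScript
// expression in value position is a SyntaxError, so nothing is executed.
function formatJsonSafe(text) {
  const value = JSON.parse(text);
  return JSON.stringify(value, null, 2);
}

// PoC input from the advisory (CVE-2019-12966).
const poc = '{"a":(function(){confirm(1)})()}';

// Runs both formatters on the PoC and reports what each one did.
function demo(input = poc) {
  sideEffects.length = 0;
  const unsafeOut = formatJsonUnsafe(input); // confirm(1) fires here
  const unsafeCalls = sideEffects.slice();

  sideEffects.length = 0;
  let safeError = null;
  try {
    formatJsonSafe(input);
  } catch (e) {
    safeError = e.name; // expected: SyntaxError, with no side effects
  }
  return { unsafeOut, unsafeCalls, safeCalls: sideEffects.slice(), safeError };
}

console.log(demo());
```

The unsafe formatter returns `{}` for the PoC because the immediately invoked function evaluates to undefined, which JSON.stringify drops; the only visible trace is the confirm() call that already happened. If a formatter must tolerate non-standard JSON (comments, unquoted keys), the fix is a dedicated tolerant parser that never evaluates code, not a fallback to eval or new Function.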
Weakness Enumeration
Special Elements Injection
Affected Products
Fehelper