PT-2020-16339 · Unknown · Databaseschemaviewer

Jarlob

Published

2020-11-04

Updated

2020-11-19

CVE-2020-26207

CVSS v3.1

8.0

High

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions DatabaseSchemaViewer versions prior to 2.7.4.3

Description The issue allows for arbitrary code execution if a user is tricked into opening a specially crafted .dbschema file. As a workaround, ensure .dbschema files from untrusted sources are not opened.

Recommendations For versions prior to 2.7.4.3, update to version 2.7.4.3 to resolve the issue. As a temporary workaround, ensure .dbschema files from untrusted sources are not opened.

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2020-26207

GHSA-RFJH-M356-MPQF

Affected Products

Databaseschemaviewer

PT-2020-16339 · Unknown · Databaseschemaviewer

CVE-2020-26207

Weakness Enumeration

Related Identifiers

Affected Products

References · 8