PT-2020-19662 · Op · Op-Browser

Published

2020-04-02

Updated

2022-02-10

CVE-2020-7625

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions op-browser versions 1.0.0 through 1.0.6 op-browser versions 1.0.7 through 1.0.9

Description The issue allows execution of arbitrary commands via the url function, enabling Command Injection attacks.

Recommendations For versions 1.0.0 through 1.0.6, consider disabling the url function until a patch is available. For versions 1.0.7 through 1.0.9, consider disabling the url function until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7625

GHSA-3HQ6-RMV7-39VH

SNYK-JS-OPBROWSER-564259

Affected Products

Op-Browser

PT-2020-19662 · Op · Op-Browser

CVE-2020-7625

Weakness Enumeration

Related Identifiers

Affected Products

References · 9