PT-2020-4203 · Unknown · Cd-Messenger

Published: 2020-06-10 · Updated: 2021-07-21 · CVE-2020-7675

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: cd-messenger versions 2.7.26 and earlier
Description: The issue exists due to insufficient input validation in the eval function of the cd-messenger software. This allows a remote attacker to execute arbitrary code by providing malicious user input to the color argument, which is executed by the eval function.
Recommendations: For cd-messenger versions 2.7.26 and earlier, consider disabling the eval function until a patch is available. Restrict access to the color argument to minimize the risk of exploitation. Avoid using the color argument in the affected API endpoint until the issue is resolved.
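
The durable fix for an `eval` call that consumes a color name is to replace evaluation with a lookup in a fixed table, so the argument is only ever treated as data. The following is an added example, not code from cd-messenger or from this advisory; `colorize`, `isRejected`, `ANSI_CODES` and the `styler` call shown in a comment are hypothetical names, and the ANSI escape output format is an assumption.

```javascript
// Added example; all names are hypothetical and do not come from cd-messenger.

// Fixed allowlist: color name -> ANSI SGR code. Object.create(null) gives an
// object with no prototype, so "constructor", "__proto__" etc. are not keys.
const ANSI_CODES = Object.assign(Object.create(null), {
  red: 31, green: 32, yellow: 33, blue: 34, magenta: 35, cyan: 36, white: 37,
});

// Unsafe pattern of the kind the advisory describes (comment only, never run):
//   eval('styler.' + color + '(message)')   // color comes from the caller
// Whatever string is placed in `color` becomes part of the evaluated source.

function colorize(message, color) {
  // Reject non-strings first, so objects with a custom toString are not coerced.
  if (typeof color !== 'string') {
    throw new TypeError('color must be a string');
  }
  const code = ANSI_CODES[color.toLowerCase()];
  if (code === undefined) {
    // The rejected value is deliberately not echoed into the error message.
    throw new RangeError('unsupported color name');
  }
  // Data only flows into a string; nothing is parsed as code.
  return `\u001b[${code}m${String(message)}\u001b[0m`;
}

// Returns true when the input is rejected, false when it is accepted.
function isRejected(color) {
  try {
    colorize('test', color);
    return false;
  } catch (err) {
    return err instanceof TypeError || err instanceof RangeError;
  }
}

// Constructed sample inputs: two valid names, a prototype key,
// a string shaped like injected source, and a non-string.
const samples = ['green', 'RED', 'constructor', 'red); doSomething(); //', 42];
for (const s of samples) {
  console.log(JSON.stringify(s), isRejected(s) ? 'rejected' : 'accepted');
}
```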

Exploit

Fix

Code Injection

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-04637
CVE-2020-7675
GHSA-V756-4WHV-48VC
SNYK-JS-CDMESSENGER-571493

Affected Products

Cd-Messenger