PT-2021-11535 · Djv · Djv

Alessio Della Libera

Published

2021-01-04

Updated

2021-07-21

CVE-2020-28464

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: djv versions prior to 2.1.4

Description: The issue allows an attacker to run arbitrary JavaScript code on the victim machine by controlling the schema file.

Recommendations: For versions prior to 2.1.4, update to version 2.1.4 or later to resolve the issue.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

CVE-2020-28464

GHSA-4HV7-3Q38-97M8

SNYK-JS-DJV-1014545

Djv