PT-2021-14200 · Inkdrop · Inkdrop
Eiji Mori
·
Published
2021-06-28
·
Updated
2021-07-02
·
CVE-2021-20745
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Inkdrop versions prior to v5.3.1
Description:
The issue allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
Recommendations:
For versions prior to v5.3.1, update to version v5.3.1 or later to resolve the issue. As a temporary workaround, consider restricting the loading of files or code snippets containing iframes to minimize the risk of exploitation.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Inkdrop