PT-2022-9019 · Ahorner · Text-Helpers

N00Dle · Published 2022-12-22 · Updated 2024-05-17 · CVE-2020-36624

CVSS v3.1: 6.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

ahorner text-helpers versions up to 1.0.x
ahorner text-helpers versions 1.1.0 through 1.1.1

Description

A critical issue affects unspecified code in the file lib/text_helpers/translation.rb. Manipulating the link argument results in a web link to an untrusted target that has window.opener access. The attack can be initiated remotely.

Recommendations

For versions up to 1.0.x, upgrade to version 1.1.0 to address this issue. For versions 1.1.0 through 1.1.1, upgrade to version 1.2.0 to address this issue. As a temporary workaround, consider restricting the use of the link argument in the affected component until a patch is available.
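
The weakness described above is a link that opens a new window while leaving window.opener available to the destination page. The Ruby sketch below is an added example, not code from text-helpers or its patch: it flags anchors in rendered HTML that use target="_blank" without rel="noopener" and rewrites them. The helper names, the sample markup and the premise that the affected links carry target="_blank" are assumptions made for illustration, and the regex matching stands in for a real HTML parser.

```ruby
# Added example (constructed; not text-helpers code). Stdlib only.
# A link opened with target="_blank" hands the destination page a
# window.opener reference unless its rel attribute includes "noopener".
ANCHOR_TAG   = /<a(?=[\s>])[^>]*>/i
TARGET_BLANK = /(?<=\s)target\s*=\s*(["']?)_blank\1/i
REL_ATTR     = /(?<=\s)rel\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i
REQUIRED_REL = %w[noopener noreferrer].freeze

# Returns the opening <a ...> tag with the required rel tokens merged in.
# Tags that do not open a new window are returned unchanged.
def harden_anchor(tag)
  return tag unless tag.match?(TARGET_BLANK)

  m = tag.match(REL_ATTR)
  # No rel attribute at all: add one right after the tag name.
  return tag.sub(/\A<a/i) { |open| %(#{open} rel="#{REQUIRED_REL.join(' ')}") } unless m

  tokens  = (m[1] || m[2] || m[3]).split
  missing = REQUIRED_REL.reject { |req| tokens.any? { |t| t.casecmp?(req) } }
  return tag if missing.empty?

  # Keep existing tokens (e.g. nofollow) and append the missing ones.
  tag.sub(REL_ATTR) { %(rel="#{(tokens + missing).join(' ')}") }
end

# Rewrites every anchor in an HTML fragment.
def harden_links(html)
  html.gsub(ANCHOR_TAG) { |tag| harden_anchor(tag) }
end

# Lists the anchors that would be changed, for use as a CI or review check.
def unsafe_links(html)
  html.scan(ANCHOR_TAG).reject { |tag| harden_anchor(tag) == tag }
end

# Constructed sample markup.
SAMPLE = <<~HTML
  <p><a href="https://example.test/a" target="_blank">external</a>
  <a href="https://example.test/b" target="_blank" rel="nofollow">partial</a>
  <a href="/local">internal</a>
  <a href="https://example.test/c" target="_blank" rel="noopener noreferrer">ok</a></p>
HTML

if __FILE__ == $PROGRAM_NAME
  puts "flagged:", unsafe_links(SAMPLE)
  puts "hardened:", harden_links(SAMPLE)
end
```

Running `unsafe_links` over rendered views in a test suite catches new links that reintroduce the opener exposure after an upgrade.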

Exploit

Fix

Weakness Enumeration

Incorrect Privilege Assignment

Related Identifiers

CVE-2020-36624
GHSA-74HC-57M5-83CH

Affected Products

Text-Helpers