CVE-2017-1000212

{"id": "CVE-2017-1000212", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": true, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2017-11-17T15:29:00.357", "references": [{"url": "https://github.com/tonini/alchemist-server/issues/14", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/tonini/alchemist-server/issues/14", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code."}, {"lang": "es", "value": "El plugin vim para Elixir, alchemist.vim, es vulnerable a una ejecuci\u00f3n remota de c\u00f3digo en el servidor agrupado alchemist. Un sitio web malicioso puede ejecutar peticiones contra un puerto ef\u00edmero en un host local que se eval\u00faan como c\u00f3digo elixir."}], "lastModified": "2024-11-21T03:04:24.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:alchemist-elixir:alchemist-server:-:*:*:*:*:vim:*:*", "vulnerable": true, "matchCriteriaId": "A076ED95-9AF0-4450-A5A4-1D39CB98AED5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}