CVE-2020-20269

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-20269
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2021/Jan/59 Mailing List Third Party Advisory
https://caret.io Product
https://github.com/careteditor/issues/issues/841 Issue Tracking Third Party Advisory
https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22 Release Notes Third Party Advisory
https://seclists.org/fulldisclosure/2021/Jan/59 Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:caret:caret:*:*:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta0:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta2:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta3:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta4:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta5:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta6:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta7:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta8:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:beta9:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc10:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc11:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc12:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc13:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc14:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc15:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc16:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc17:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc18:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc19:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc20:*:*:*:*:*:*
cpe:2.3:a:caret:caret:4.0.0:rc21:*:*:*:*:*:*
History

No history.

Information

Published : 2021-01-26 18:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-20269

Mitre link : CVE-2020-20269

CVE.ORG link : CVE-2020-20269

JSON object : View

Products Affected

caret

  • caret
CWE
NVD-CWE-noinfo