Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html | Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html | Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 08:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html - Third Party Advisory, VDB Entry |
03 Jun 2023, 04:09
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-732 | |
References | (MISC) http://packetstormsecurity.com/files/172535/Yank-Note-3.52.1-Arbitrary-Code-Execution.html - Third Party Advisory, VDB Entry | |
CPE | cpe:2.3:a:yank-note:yank_note:3.52.1:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
29 May 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-29 00:15
Updated : 2024-11-21 08:02
NVD link : CVE-2023-31874
Mitre link : CVE-2023-31874
CVE.ORG link : CVE-2023-31874
JSON object : View
Products Affected
yank-note
- yank_note
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource