CVE-2021-3210

Sažetak

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.

Reference

https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172ada5bc80800/src/components/Modals/HelpModal.jsx#L57
https://github.com/BloodHoundAD/BloodHound/blob/338e197dc4b7a1ee929c335141172ada5bc80800/src/components/Modals/HelpTexts/GenericAll/GenericAll.jsx#L31-L37
https://github.com/BloodHoundAD/BloodHound/issues/338

CVSS

Base:	9.3
Impact:	10.0
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

25-02-2021 - 22:11

Objavljeno

19-02-2021 - 14:15