Lucene search

GitHub_MCVELIST:CVE-2020-15150

HistorySep 01, 2020 - 4:30 p.m.

CVE-2020-15150 Remote Code Execution in paginator(hex)

2020-09-0116:30:14

CWE-94

GitHub_M

www.cve.org

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

There is a vulnerability in Paginator (Elixir/Hex package) which makes it susceptible to Remote Code Execution (RCE) attacks via input parameters to the paginate() function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version 1.0.0 and all users should upgrade to this version immediately. Note that this patched version uses a dependency that requires an Elixir version >=1.5.

CNA Affected

[
  {
    "product": "paginator",
    "vendor": "duffelhq",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.0.0"
      }
    ]
  }
]

References

github.com/duffelhq/paginator/blob/ccf0f37fa96347cc8c8a7e9eb2c64462cec4b2dc/README.md#security-considerations

github.com/duffelhq/paginator/commit/bf45e92602e517c75aea0465efc35cd661d9ebf8

github.com/duffelhq/paginator/security/advisories/GHSA-w98m-2xqg-9cvj

hex.pm/packages/paginator

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

9.7 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

Related for CVELIST:CVE-2020-15150