Rendertron up to 2.x Screenshot server-side request forgery

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as critical, was found in Rendertron up to 2.x. This affects an unknown code block of the component Screenshot Handler. Upgrading to version 3.0.0 eliminates this vulnerability.

User

Field

Commit Conf

Approve Conf

IDCommitedUserFieldChangeRemarksModeratedReasonC
1096509802/23/2021VulD...price_0day$0-$5ksee documentation02/23/2021accepted90
1096509702/23/2021VulD...cvss3_meta_tempscore4.3see documentation02/23/2021accepted90
1096509602/23/2021VulD...cvss3_meta_basescore4.3see documentation02/23/2021accepted90
1096509502/23/2021VulD...cvss3_vuldb_tempscore4.302/23/2021accepted90
1096509402/23/2021VulD...cvss3_vuldb_basescore4.302/23/2021accepted90
1096509302/23/2021VulD...cvss2_vuldb_tempscore4.002/23/2021accepted90
1096509202/23/2021VulD...cvss2_vuldb_basescore4.002/23/2021accepted90
1096509102/23/2021VulD...cvss3_vuldb_eXderived from historical data02/23/2021accepted80
1096509002/23/2021VulD...cvss2_vuldb_eNDderived from historical data02/23/2021accepted80
1096508902/23/2021VulD...cvss2_vuldb_auSderived from historical data02/23/2021accepted80
1096508802/23/2021VulD...cvss2_vuldb_rlOFderived from vuldb v3 vector02/23/2021accepted80
1096508702/23/2021VulD...cvss2_vuldb_rcCderived from vuldb v3 vector02/23/2021accepted80
1096508602/23/2021VulD...cvss2_vuldb_aiNderived from vuldb v3 vector02/23/2021accepted80
1096508502/23/2021VulD...cvss2_vuldb_iiNderived from vuldb v3 vector02/23/2021accepted80
1096508402/23/2021VulD...cvss2_vuldb_ciPderived from vuldb v3 vector02/23/2021accepted80
1096508302/23/2021VulD...cvss2_vuldb_acLderived from vuldb v3 vector02/23/2021accepted80
1096508202/23/2021VulD...cvss2_vuldb_avNderived from vuldb v3 vector02/23/2021accepted80
1096508102/23/2021VulD...date1614034800 (02/23/2021)02/23/2021accepted90
1096508002/23/2021VulD...cveCVE-2020-8902mitre.org02/23/2021accepted90
1096507902/23/2021VulD...upgrade_version3.0.002/23/2021accepted90

Interested in the pricing of exploits?

See the underground prices here!