CVE-2020-7749 in osm-static-mapsinfo

Zusammenfassung

von MITRE • 20.10.2020

This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

Snyk

Reservieren

21.01.2020

Veröffentlichung

20.10.2020

Moderieren

akzeptiert

Eintrag

VDB-162932

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

6.5 (NVD)

EPSS

0.00477

KEV

nein

Aktivitäten

very low

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2020-7749
NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-7749
CVE Details	https://www.cvedetails.com/cve/CVE-2020-7749/

◂ Zurück Übersicht Weiter ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!