CVE-2020-20269
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/01/2021
Last modified:
30/01/2021
Description
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:caret:caret:*:*:*:*:*:*:*:* | 3.4.6 (including) | |
| cpe:2.3:a:caret:caret:4.0.0:beta0:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta1:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta2:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta3:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta4:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta5:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta6:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta7:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta8:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:beta9:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:rc1:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:rc10:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:rc11:*:*:*:*:*:* | ||
| cpe:2.3:a:caret:caret:4.0.0:rc12:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2021/Jan/59
- https://caret.io
- https://github.com/careteditor/issues/issues/841
- https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22
- https://seclists.org/fulldisclosure/2021/Jan/59