Arbitrary Code Execution Vulnerability in cd-messenger by Snyk
CVE-2020-7675

9.8CRITICAL

Key Information:

Vendor: Cd-messenger Project
Status: Cd-messenger
Vendor: CVE Published:; 10 June 2020

🔔 Create Cd-messenger Project Vulnerability Alert

What is CVE-2020-7675?

The cd-messenger product, prior to version 2.7.26, is prone to an Arbitrary Code Execution vulnerability. This issue arises due to improper handling of user input in the 'color' argument of the application. Specifically, the use of the 'eval' function on unsanitized user input opens a gateway for potential attackers to execute arbitrary code within the context of the application, leading to significant security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

cd-messenger All versions including 2.7.26

References

https://snyk.io/vuln/SNYK-JS-CDMESSENGER-571493

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2020
Vulnerability Reserved
Jan 21, 2020

JSON

Cd-messenger Project

What is CVE-2020-7675?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.