Buffer Overflow Vulnerability in Canvas by WordPress
CVE-2020-8215

8.8 HIGH

Key Information:

Vendor: WordPress
CVE Published: 20 July 2020

What is CVE-2020-8215?

A buffer overflow vulnerability exists in the Canvas plugin for WordPress, specifically affecting versions up to 1.6.9. This flaw can be exploited when the plugin processes a user-provided image, potentially leading to Denial of Service or allowing attackers to execute arbitrary code within the affected environment. Users of the Canvas plugin are strongly advised to update to the latest version to mitigate these risks.

Affected Version(s)

node-canvas Not Fixed

CVSS V3.1

Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
