Vulnerability Details CVE-2020-15227
Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to an code injection attack by passing specially formed parameters to URL that may possibly leading to RCE. Nette is a PHP/Composer MVC Framework.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.938
EPSS Ranking 99.9%
CVSS Severity
CVSS v3 Score 8.7
CVSS v2 Score 7.5
References
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
- https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html
- https://packagist.org/packages/nette/application
- https://packagist.org/packages/nette/nette
- https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
- https://lists.debian.org/debian-lts-announce/2021/04/msg00003.html
- https://packagist.org/packages/nette/application
- https://packagist.org/packages/nette/nette
Products affected by CVE-2020-15227
-
cpe:2.3:a:nette:application:2.0.0
-
cpe:2.3:a:nette:application:2.0.1
-
cpe:2.3:a:nette:application:2.0.10
-
cpe:2.3:a:nette:application:2.0.11
-
cpe:2.3:a:nette:application:2.0.12
-
cpe:2.3:a:nette:application:2.0.13
-
cpe:2.3:a:nette:application:2.0.14
-
cpe:2.3:a:nette:application:2.0.2
-
cpe:2.3:a:nette:application:2.0.3
-
cpe:2.3:a:nette:application:2.0.4
-
cpe:2.3:a:nette:application:2.0.5
-
cpe:2.3:a:nette:application:2.0.6
-
cpe:2.3:a:nette:application:2.0.7
-
cpe:2.3:a:nette:application:2.0.8
-
cpe:2.3:a:nette:application:2.0.9
-
cpe:2.3:a:nette:application:2.1.0
-
cpe:2.3:a:nette:application:2.1.1
-
cpe:2.3:a:nette:application:2.2.0
-
cpe:2.3:a:nette:application:2.2.1
-
cpe:2.3:a:nette:application:2.2.2
-
cpe:2.3:a:nette:application:2.2.3
-
cpe:2.3:a:nette:application:2.2.4
-
cpe:2.3:a:nette:application:2.2.5
-
cpe:2.3:a:nette:application:2.2.6
-
cpe:2.3:a:nette:application:2.2.7
-
cpe:2.3:a:nette:application:2.2.8
-
cpe:2.3:a:nette:application:2.2.9
-
cpe:2.3:a:nette:application:2.3.0
-
cpe:2.3:a:nette:application:2.3.1
-
cpe:2.3:a:nette:application:2.3.10
-
cpe:2.3:a:nette:application:2.3.11
-
cpe:2.3:a:nette:application:2.3.12
-
cpe:2.3:a:nette:application:2.3.13
-
cpe:2.3:a:nette:application:2.3.2
-
cpe:2.3:a:nette:application:2.3.3
-
cpe:2.3:a:nette:application:2.3.4
-
cpe:2.3:a:nette:application:2.3.5
-
cpe:2.3:a:nette:application:2.3.6
-
cpe:2.3:a:nette:application:2.3.7
-
cpe:2.3:a:nette:application:2.3.8
-
cpe:2.3:a:nette:application:2.3.9
-
cpe:2.3:a:nette:application:2.4.0
-
cpe:2.3:a:nette:application:2.4.1
-
cpe:2.3:a:nette:application:2.4.10
-
cpe:2.3:a:nette:application:2.4.11
-
cpe:2.3:a:nette:application:2.4.12
-
cpe:2.3:a:nette:application:2.4.13
-
cpe:2.3:a:nette:application:2.4.14
-
cpe:2.3:a:nette:application:2.4.15
-
cpe:2.3:a:nette:application:2.4.2
-
cpe:2.3:a:nette:application:2.4.3
-
cpe:2.3:a:nette:application:2.4.4
-
cpe:2.3:a:nette:application:2.4.5
-
cpe:2.3:a:nette:application:2.4.6
-
cpe:2.3:a:nette:application:2.4.7
-
cpe:2.3:a:nette:application:2.4.8
-
cpe:2.3:a:nette:application:2.4.9
-
cpe:2.3:a:nette:application:3.0.0
-
cpe:2.3:a:nette:application:3.0.1
-
cpe:2.3:a:nette:application:3.0.2
-
cpe:2.3:a:nette:application:3.0.2.1
-
cpe:2.3:a:nette:application:3.0.3
-
cpe:2.3:a:nette:application:3.0.4
-
cpe:2.3:a:nette:application:3.0.5
-
cpe:2.3:o:debian:debian_linux:9.0