Vulnerability Details CVE-2020-28464
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55
- https://github.com/korzio/djv/pull/98/files
- https://snyk.io/vuln/SNYK-JS-DJV-1014545
- https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55
- https://github.com/korzio/djv/pull/98/files
- https://snyk.io/vuln/SNYK-JS-DJV-1014545
Products affected by CVE-2020-28464
-
cpe:2.3:a:djv_project:djv:-
-
cpe:2.3:a:djv_project:djv:0.0.1
-
cpe:2.3:a:djv_project:djv:0.1.1
-
cpe:2.3:a:djv_project:djv:0.1.2
-
cpe:2.3:a:djv_project:djv:0.1.3
-
cpe:2.3:a:djv_project:djv:0.1.4
-
cpe:2.3:a:djv_project:djv:1.0.0
-
cpe:2.3:a:djv_project:djv:1.1.0
-
cpe:2.3:a:djv_project:djv:1.1.1
-
cpe:2.3:a:djv_project:djv:1.2.0
-
cpe:2.3:a:djv_project:djv:2.0.0
-
cpe:2.3:a:djv_project:djv:2.1.0
-
cpe:2.3:a:djv_project:djv:2.1.1
-
cpe:2.3:a:djv_project:djv:2.1.2
-
cpe:2.3:a:djv_project:djv:2.1.3