Vulnerability Details CVE-2022-40274
Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 11.6%
CVSS Severity
CVSS v3 Score 7.8
References
Products affected by CVE-2022-40274
-
cpe:2.3:a:gridea:gridea:0.9.3
-
cpe:2.3:o:linux:linux_kernel:-