Vulnerability Details : CVE-2020-20269
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
Products affected by CVE-2020-20269
- cpe:2.3:a:caret:caret:*:*:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta5:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta7:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc12:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc14:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc21:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta0:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta3:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc10:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc11:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta8:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta9:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc16:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc17:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc18:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc19:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta4:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:beta6:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc13:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc15:*:*:*:*:*:*
- cpe:2.3:a:caret:caret:4.0.0:rc20:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-20269
4.53%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 92 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-20269
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
References for CVE-2020-20269
-
http://seclists.org/fulldisclosure/2021/Jan/59
Full Disclosure: CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code ExecutionMailing List;Third Party Advisory
-
https://seclists.org/fulldisclosure/2021/Jan/59
Full Disclosure: CVE-2020-20269 - Caret Editor v4.0.0-rc21 Remote Code ExecutionMailing List;Third Party Advisory
-
https://github.com/careteditor/issues/issues/841
Critical security vulnerability in Caret 4.0.0-rc21 · Issue #841 · careteditor/issues · GitHubIssue Tracking;Third Party Advisory
-
http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html
Caret Editor 4.0.0-rc21 Remote Code Execution ≈ Packet StormThird Party Advisory;VDB Entry
-
https://caret.io
Caret - Markdown Editor for Mac / Windows / LinuxProduct
-
https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22
Release 4.0.0-rc22 · careteditor/releases-beta · GitHubRelease Notes;Third Party Advisory
Jump to