Vulnerability Details: CVE-2020-25787
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.
Vulnerability category: Input validation
Products affected by CVE-2020-25787
- cpe:2.3:a:tt-rss:tiny_tiny_rss:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-25787
- 32.54%: Probability of exploitation activity in the next 30 days
- ~97%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25787
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-25787
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-25787
- http://packetstormsecurity.com/files/161606/TinyTinyRSS-Remote-Code-Execution.html
  TinyTinyRSS Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
  Heads up: several vulnerabilities fixed - Announcements - Tiny Tiny RSS: Community (Vendor Advisory)
- https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
  fix multiple vulnerabilities in af_proxy_http · c3d14e1fa5 - Tiny Tiny RSS (Patch; Vendor Advisory)