9.3
CVE-2019-1354
- EPSS 27.49%
- Veröffentlicht 24.01.2020 21:15:12
- Zuletzt bearbeitet 21.11.2024 04:36:32
- Quelle secure@microsoft.com
- CVE-Watchlists
- Unerledigt
LoginA remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Visual Studio 2017 Version >= 15.0 < 15.9.18
Microsoft ≫ Visual Studio 2019 Version >= 16.0 < 16.4.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 27.49% | 0.963 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 9.3 | 8.6 | 10 |
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.