CVE-2020-26292

EPSS 0.36%
Veröffentlicht 04.01.2021 18:15:13
Zuletzt bearbeitet 21.11.2024 05:19:46
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Chatter-social ≫ Creeper Version1.1.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.36%	0.576

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
security-advisories@github.com	3.1	1.6	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CWE-507 Trojan Horse

The product appears to contain benign or useful functionality, but it also contains code that is hidden from normal operation that violates the intended security policy of the user or the system administrator.

https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-26292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26292

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2020-26292