CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-12079

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0010%
EPSS Percentile27.71th
Published2020年4月23日
Last Modified2024年11月21日

Vulnerability Description

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isolation is not used, and therefore an attacker can conduct a prototype-pollution attack against the Electron internal messaging API.

Affected Platforms (CPE)

📦
Beakerbrowser

Beaker

< 0.8.9

References & Advisories

🔗 https://github.com/beakerbrowser/beaker/issues/1519
🔗 https://github.com/beakerbrowser/beaker/releases/tag/0.8.9
🔗 https://github.com/beakerbrowser/beaker/issues/1519
🔗 https://github.com/beakerbrowser/beaker/releases/tag/0.8.9

相关漏洞威胁

CVE-2013-74896.8

The Beaker library through 1.11.0 for Python is affected by deserialization of untrusted data, which could lead to arbitrary code ...

CVE-2019-103985.5

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins maste...

CVE-2015-31625.4

Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenti...

CVE-2015-31614.8

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producin...