CVE-2021-20745

OS Command Injection in Inkdrop

Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.

Disclosure Date

2021/06/21

Credit

Eiji Mori (@ei01241)

Affected Versions

Inkdrop: v5.3.0 and earlier

CWE

  • CWE-78
