Disclosure Date 2021/06/21

CVE-2021-20745

OS Command Injection in Inkdrop

Credit

Eiji Mori (@ei01241)

Affected-Versions

Inkdrop: v5.3.0 and earlier

CWE

  • CWE-78

Description

Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop.
