Disclosure Date 2021/06/21

CVE-2021-20745

OS Command Injection in Inkdrop

OS command injection vulnerability in Inkdrop

Credit

Eiji Mori (@ei01241)

Affected-Versions

v5.3.0 and earlier

CWE

CWE-78

Description

Inkdrop versions prior to v5.3.1 allow an attacker to execute arbitrary OS commands on the system where Inkdrop runs by loading a file or code snippet containing an invalid iframe into Inkdrop.

Product-URLs

https://www.inkdrop.app/

Reference

  • https://jvn.jp/en/jp/JVN29949691/index.html
  • https://docs.inkdrop.app/releases/5.3.1
