CVE-2020-20269

A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
caretcaret
𝑥
≤ 3.4.6
caretcaret
4.0.0:beta0
caretcaret
4.0.0:beta1
caretcaret
4.0.0:beta2
caretcaret
4.0.0:beta3
caretcaret
4.0.0:beta4
caretcaret
4.0.0:beta5
caretcaret
4.0.0:beta6
caretcaret
4.0.0:beta7
caretcaret
4.0.0:beta8
caretcaret
4.0.0:beta9
caretcaret
4.0.0:rc1
caretcaret
4.0.0:rc10
caretcaret
4.0.0:rc11
caretcaret
4.0.0:rc12
caretcaret
4.0.0:rc13
caretcaret
4.0.0:rc14
caretcaret
4.0.0:rc15
caretcaret
4.0.0:rc16
caretcaret
4.0.0:rc17
caretcaret
4.0.0:rc18
caretcaret
4.0.0:rc19
caretcaret
4.0.0:rc2
caretcaret
4.0.0:rc20
caretcaret
4.0.0:rc21
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2021/Jan/59
https://caret.io
https://github.com/careteditor/issues/issues/841
https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22
https://seclists.org/fulldisclosure/2021/Jan/59
http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2021/Jan/59
https://caret.io
https://github.com/careteditor/issues/issues/841
https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22
https://seclists.org/fulldisclosure/2021/Jan/59