CVE-2019-0542

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

CVSS v3.0 8.8 HIGH
CVSS v2.0 6.8 MEDIUM

8.8^/10

CVSS v3.0 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/errata/RHBA-2019:0959	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:2551	Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:1422	Third Party Advisory
http://www.securityfocus.com/bid/106434	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2019:2552	Third Party Advisory
https://github.com/xtermjs/xterm.js/releases	Product Release Notes

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:xtermjs:xterm.js:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:openshift_container_platform::::::::
	cpe:2.3:a:redhat:openshift_container_platform::::::::
	cpe:2.3:a:redhat:openshift_container_platform::::::::

Information

Published : 2019-01-09 07:29

Updated : 2022-10-27 06:25

NVD link : CVE-2019-0542

Mitre link : CVE-2019-0542

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Advertisement

Products Affected

xtermjs

xterm.js

redhat

openshift_container_platform

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://access.redhat.com/errata/RHBA-2019:0959", "name": "RHBA-2019:0959", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2551", "name": "RHSA-2019:2551", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2019:1422", "name": "RHSA-2019:1422", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.securityfocus.com/bid/106434", "name": "106434", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "https://access.redhat.com/errata/RHSA-2019:2552", "name": "RHSA-2019:2552", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://github.com/xtermjs/xterm.js/releases", "name": "https://github.com/xtermjs/xterm.js/releases", "tags": ["Product", "Release Notes"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka \"Xterm Remote Code Execution Vulnerability.\" This affects xterm.js."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-0542", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}}, "publishedDate": "2019-01-09T15:29Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:xtermjs:xterm.js:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "5.0.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.9.99", "versionStartIncluding": "3.9"}, {"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.10.163", "versionStartIncluding": "3.10"}, {"cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "3.11.104", "versionStartExcluding": "3.11"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-10-27T13:25Z"}