Vulnerabilities (CVE)


Filtered by vendor Gridea
Filtered by product Gridea
Total 2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-40274 | 2 (Gridea, Linux) | 2 (Gridea, Linux Kernel) | 2022-10-04 | N/A | 7.8 HIGH | Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled. |
| CVE-2019-12047 | 1 (Gridea) | 1 (Gridea) | 2019-05-13 | 4.3 MEDIUM | 6.1 MEDIUM | Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "<img src=# onerror='eval(new Buffer(" substring. |