CVE-2020-28464

Description

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

CVSS Version 3.1
CVSS Version 2.0

snyk
CVE ID: CVE-2020-28464
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 3.9

snyk
CVE ID: CVE-2020-28464
Base Score: 9.8
Base Severity: CRITICAL
Vector String:CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

nvd
CVE ID: CVE-2020-28464
Base Score: 10.0
Base Severity: HIGH
Vector String:AV:N/AC:L/Au:N/C:C/I:C/A:C

Refrence: NVD MITRE

Description​

Description