CVE-2020-15138

{"id": "CVE-2020-15138", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.6}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.3, "exploitabilityScore": 1.6}]}, "published": "2020-08-07T17:15:10.450", "references": [{"url": "https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://prismjs.com/plugins/previewers/#disabling-a-previewer", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/PrismJS/prism/pull/2506/commits/7bd7de05edf71112a3a77f87901a2409c9c5c20c", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://prismjs.com/plugins/previewers/#disabling-a-previewer", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.21.0. To workaround the issue without upgrading, disable the easing preview on all impacted code blocks. You need Prism v1.10.0 or newer to apply this workaround."}, {"lang": "es", "value": "Prism es vulnerable a un ataque de tipo Cross-Site Scripting. La vista previa simplificada del plugin Previewers presenta una vulnerabilidad de tipo XSS que permite a atacantes ejecutar c\u00f3digo arbitrario en Safari e Internet Explorer. Esto afecta a todos los usuarios de Safari e Internet Explorer de Prism versiones posteriores a v1.1.0 e incluy\u00e9ndola, que utilizan el plugin _Previewers_ (versiones posteriores a v1.10.0 e incluy\u00e9ndola) o el plugin _Previewer: Easing_ (versiones v1.1.0 hasta v1.9.0). Este problema es corregido en la versi\u00f3n 1.21.0. Para solucionar el problema sin actualizar, desactive la vista previa simplificada en todos los bloques de c\u00f3digo afectados. Necesita Prism versi\u00f3n v1.10.0 o m\u00e1s reciente para aplicar esta soluci\u00f3n"}], "lastModified": "2024-11-21T05:04:55.517", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:prismjs:previewers:*:*:*:*:*:prismjs:*:*", "vulnerable": true, "matchCriteriaId": "066FA9AE-722F-4905-8084-A42449E0A243", "versionEndExcluding": "1.21.0", "versionStartIncluding": "1.1.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apple:safari:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFDA34B4-65B4-41A5-AC22-667C8D8FF4B7"}, {"criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security-advisories@github.com"}