CVE-2020-26292

{"id": "CVE-2020-26292", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2021-01-04T18:15:13.107", "references": [{"url": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-507"}]}], "descriptions": [{"lang": "en", "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."}, {"lang": "es", "value": "Creeper es un lenguaje interpretado, din\u00e1mico experimental. La versi\u00f3n binaria de Creeper Interpreter versi\u00f3n 1.1.3, contiene un malware potencial. La versi\u00f3n binaria comprometida estuvo disponible durante unas horas entre el 26 de diciembre de 2020 a las 3:22 p.m. EST y el 26 de diciembre de 2020 a las 11:00 p.m. EST. Si us\u00f3 el c\u00f3digo fuente, ** NO ** est\u00e1 afectado. Esto solo afecta a las versiones binarias. El binario de calidad desconocida ha sido eliminado de la versi\u00f3n. Si ha descargado el binario, por favor elim\u00ednelo y ejecute un esc\u00e1ner antivirus confiable para asegurarse de que su computadora est\u00e9 limpia."}], "lastModified": "2021-01-07T20:37:42.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:chatter-social:creeper:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BEB90A3-00B0-48AB-B902-D7F64D0AC4D1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}