An issue found in Espruino Espruino 6ea4c0a allows an attacker to execute arbitrrary code via oldFunc parameter of the jswrap_object.c:jswrap_function_replacewith endpoint.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors Products
Espruino
  • Espruino

Configuration 1 [-]

cpe:2.3:o:espruino:espruino:2019-06-28:*:*:*:*:*:*:*
References
Link Resource
https://github.com/espruino/Espruino/issues/1684 Exploit Issue Tracking Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-04-04T00:00:00

Updated: 2023-04-04T00:00:00

Reserved: 2020-08-13T00:00:00

Link: CVE-2020-19693

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2023-04-04T15:15:07.697

Modified: 2023-04-10T18:41:41.960

Link: CVE-2020-19693

JSON object: View

cve-icon Redhat Information

No data.

CWE