CVE-2020-11016

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-11016

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-11016.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-11016

Related

GHSA-rrhh-rcgp-q2m2

Published

2020-04-30T23:15:11Z

Modified

2025-07-01T23:49:37.622290Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component. An attacker with access to the IntelMQ Manager could possibly use this issue to execute arbitrary code with the privileges of the webserver. Version 2.1.1 fixes the vulnerability.

References

Affected packages

Git / github.com/certtools/intelmq-manager

Affected ranges

Type: GIT
Repo: https://github.com/certtools/intelmq-manager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7595e415d59e51c05cfcb90748e2d9fcc0a39dd5

Fixed

b9a2ac43a4f99d764b827108f6a99dc4a9faa013

Affected versions

0.*

0.2

0.2.1

0.3

0.3.1

1.*

1.0.0

1.0.1

1.0.2

1.1.0

2.*

2.0.0

2.1.0