CVE-2020-20269
- Source
- https://cve.org/CVERecord?id=CVE-2020-20269
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-20269.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-20269
- Published
- 2021-01-26T18:15:41.973Z
- Modified
- 2025-12-10T10:03:59.073833Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22.
- References
-
- https://caret.io
- http://packetstormsecurity.com/files/161072/Caret-Editor-4.0.0-rc21-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2021/Jan/59
- https://github.com/careteditor/issues/issues/841
- https://github.com/careteditor/releases-beta/releases/tag/4.0.0-rc22
- https://seclists.org/fulldisclosure/2021/Jan/59
Affected packages
Git
github.com/careteditor/issues
github.com/careteditor/releases
github.com/careteditor/releases-beta
Affected ranges
- Type
- GIT
- Repo
- https://github.com/careteditor/releases-beta
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
4.*
4.0.0-beta0
4.0.0-beta1
4.0.0-beta2
4.0.0-beta3
4.0.0-beta4
4.0.0-beta5
4.0.0-beta6
4.0.0-beta7
4.0.0-beta8
4.0.0-beta9
4.0.0-rc1
4.0.0-rc10
4.0.0-rc11
4.0.0-rc12
4.0.0-rc13
4.0.0-rc14
4.0.0-rc15
4.0.0-rc16
4.0.0-rc17
4.0.0-rc18
4.0.0-rc19
4.0.0-rc2
4.0.0-rc20
4.0.0-rc21
4.0.0-rc3
4.0.0-rc4
4.0.0-rc5
4.0.0-rc6
4.0.0-rc7
4.0.0-rc8
4.0.0-rc9