GHSA-g4gg-9f62-jfph
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g4gg-9f62-jfph
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-g4gg-9f62-jfph/GHSA-g4gg-9f62-jfph.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g4gg-9f62-jfph
- Aliases
-
- CVE-2015-2918
- Published
- 2018-10-18T17:41:40Z
- Modified
- 2023-11-08T03:57:52.541584Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- OrientDB Studio web management interface is vulnerable to clickjacking attacks
- Details
-
The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-20" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:36:04Z" }- References
Affected packages
Maven / com.orientechnologies:orientdb-studio
Package
- Name
- com.orientechnologies:orientdb-studio
- View open source insights on deps.dev
- Purl
- pkg:maven/com.orientechnologies/orientdb-studio
Maven / com.orientechnologies:orientdb-studio
Package
- Name
- com.orientechnologies:orientdb-studio
- View open source insights on deps.dev
- Purl
- pkg:maven/com.orientechnologies/orientdb-studio