GHSA-m7mf-48hp-5qmr

Source

https://github.com/advisories/GHSA-m7mf-48hp-5qmr

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/12/GHSA-m7mf-48hp-5qmr/GHSA-m7mf-48hp-5qmr.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m7mf-48hp-5qmr

Aliases

CVE-2020-16009

Published

2020-12-02T18:28:47Z

Modified

2024-02-16T08:24:30.978175Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Inappropriate implementation in V8

Details

CVE-2020-16009: Inappropriate implementation in V8

https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16009

Google is aware of reports that exploits for CVE-2020-16009 exist in the wild.

Allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

There is currently little to no public information on the issue other than it has been flagged as High severity.

Database specific

{
    "nvd_published_at": "2020-11-03T03:15:00Z",
    "cwe_ids": [
        "CWE-787"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2020-12-02T18:27:42Z"
}

References

Affected packages

NuGet / CefSharp.Common

Package

Name: CefSharp.Common; View open source insights on deps.dev
Purl: pkg:nuget/CefSharp.Common

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

86.0.241

Affected versions

31.*

31.0.0-pre1

33.*

33.0.0

33.0.2

33.1.0-pre01

37.*

37.0.0-pre01

37.0.0-pre02

37.0.0

37.0.1

37.0.2

37.0.3

39.*

39.0.0-pre01

39.0.0-pre02

39.0.0-pre03

39.0.0

39.0.1

39.0.2

41.*

41.0.0-pre01

41.0.0

41.0.1

43.*

43.0.0-pre01

43.0.0-pre02

43.0.0

43.0.1

45.*

45.0.0-pre01

45.0.0

47.*

47.0.0-pre01

47.0.0

47.0.1

47.0.2

47.0.3

47.0.4

49.*

49.0.0-pre01

49.0.0-pre02

49.0.0

49.0.1

51.*

51.0.0-pre01

51.0.0-pre02

51.0.0

53.*

53.0.0-pre01

53.0.0

53.0.1

55.*

55.0.0-pre01

55.0.0

57.*

57.0.0-pre01

57.0.0

62.*

62.0.0-pre01

62.0.0-proprietary-codecs

62.0.0-proprietary-codecs2

63.*

63.0.0-pre01

63.0.0-pre02

63.0.0-pre03

63.0.0

63.0.1

63.0.2

63.0.3

65.*

65.0.0-pre01

65.0.0-pre02

65.0.0

65.0.1

67.*

67.0.0-pre01

67.0.0

69.*

69.0.0-pre01

69.0.0

71.*

71.0.0-pre01

71.0.0

71.0.1

71.0.2

73.*

73.1.120-pre01

73.1.130

75.*

75.1.140-pre01

75.1.141

75.1.142

75.1.143

79.*

79.1.310-pre

79.1.350

79.1.360

81.*

81.3.20-pre

81.3.100

83.*

83.3.120-pre

83.4.20

84.*

84.3.10-pre

84.4.10

85.*

85.3.120-pre

85.3.121-pre

85.3.121

85.3.130

86.*

86.0.240-pre

NuGet / CefSharp.Wpf

Package

Name: CefSharp.Wpf; View open source insights on deps.dev
Purl: pkg:nuget/CefSharp.Wpf

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

86.0.241

Affected versions

1.*

1.25.2-perlun0

1.25.3

1.25.4

1.25.5

1.25.6

1.25.7

1.25.8

3.*

3.29.0-pre0

31.*

31.0.0-pre1

33.*

33.0.0

33.0.2

33.1.0-pre01

37.*

37.0.0-pre01

37.0.0-pre02

37.0.0

37.0.1

37.0.3

39.*

39.0.0-pre01

39.0.0-pre02

39.0.0-pre03

39.0.0

39.0.1

39.0.2

41.*

41.0.0-pre01

41.0.0

41.0.1

43.*

43.0.0-pre01

43.0.0-pre02

43.0.0

43.0.1

45.*

45.0.0-pre01

45.0.0

47.*

47.0.0-pre01

47.0.0

47.0.1

47.0.2

47.0.3

47.0.4

49.*

49.0.0-pre01

49.0.0-pre02

49.0.0

49.0.1

51.*

51.0.0-pre01

51.0.0-pre02

51.0.0

53.*

53.0.0-pre01

53.0.0

53.0.1

55.*

55.0.0-pre01

55.0.0

57.*

57.0.0-pre01

57.0.0

62.*

62.0.0-pre01

62.0.0-proprietary-codecs

62.0.0-proprietary-codecs2

63.*

63.0.0-pre01

63.0.0-pre02

63.0.0-pre03

63.0.0

63.0.1

63.0.2

63.0.3

65.*

65.0.0-pre01

65.0.0-pre02

65.0.0

65.0.1

67.*

67.0.0-pre01

67.0.0

69.*

69.0.0-pre01

69.0.0

71.*

71.0.0-pre01

71.0.0

71.0.1

71.0.2

73.*

73.1.120-pre01

73.1.130

75.*

75.1.140-pre01

75.1.141

75.1.142

75.1.143

79.*

79.1.310-pre

79.1.350

79.1.360

81.*

81.3.20-pre

81.3.100

83.*

83.3.120-pre

83.4.20

84.*

84.3.10-pre

84.4.10

85.*

85.3.120-pre

85.3.121-pre

85.3.121

85.3.130

86.*

86.0.240-pre

NuGet / CefSharp.WinForms

Package

Name: CefSharp.WinForms; View open source insights on deps.dev
Purl: pkg:nuget/CefSharp.WinForms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

86.0.241

Affected versions

1.*

1.25.3

33.*

33.0.0

33.0.2

33.1.0-pre01

37.*

37.0.0-pre01

37.0.0-pre02

37.0.0

37.0.1

37.0.3

39.*

39.0.0-pre01

39.0.0-pre02

39.0.0-pre03

39.0.0

39.0.1

39.0.2

41.*

41.0.0-pre01

41.0.0

41.0.1

43.*

43.0.0-pre01

43.0.0-pre02

43.0.0

43.0.1

45.*

45.0.0-pre01

45.0.0

47.*

47.0.0-pre01

47.0.0

47.0.1

47.0.2

47.0.3

47.0.4

49.*

49.0.0-pre01

49.0.0-pre02

49.0.0

49.0.1

51.*

51.0.0-pre01

51.0.0-pre02

51.0.0

53.*

53.0.0-pre01

53.0.0

53.0.1

55.*

55.0.0-pre01

55.0.0

57.*

57.0.0-pre01

57.0.0

62.*

62.0.0-pre01

62.0.0-proprietary-codecs

62.0.0-proprietary-codecs2

63.*

63.0.0-pre01

63.0.0-pre02

63.0.0-pre03

63.0.0

63.0.1

63.0.2

63.0.3

65.*

65.0.0-pre01

65.0.0-pre02

65.0.0

65.0.1

67.*

67.0.0-pre01

67.0.0

69.*

69.0.0-pre01

69.0.0

71.*

71.0.0-pre01

71.0.0

71.0.1

71.0.2

73.*

73.1.120-pre01

73.1.130

75.*

75.1.140-pre01

75.1.141

75.1.142

75.1.143

79.*

79.1.310-pre

79.1.350

79.1.360

81.*

81.3.20-pre

81.3.100

83.*

83.3.120-pre

83.4.20

84.*

84.3.10-pre

84.4.10

85.*

85.3.120-pre

85.3.121-pre

85.3.121

85.3.130

86.*

86.0.240-pre

NuGet / CefSharp.Wpf.HwndHost

Package

Name: CefSharp.Wpf.HwndHost; View open source insights on deps.dev
Purl: pkg:nuget/CefSharp.Wpf.HwndHost

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

86.0.241

Affected versions

83.*

83.4.20-pre

84.*

84.4.10

85.*

85.3.121

85.3.130