CVE-2020-11003
low-risk
Published 2020-04-14
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.
Do I need to act?
- 0.14% chance of exploitation (EPSS score, low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
CVSS 4.8/10 · Medium · NETWORK / HIGH complexity
Affected Products (1)
Oasis
Affected Vendors
References
Third Party Advisory
https://github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhm
21 / 100 · low-risk
Severity: 15/34 · Moderate
Exploitability: 1/34 · Minimal
Exposure: 5/34 · Minimal