CVE-2020-26292
low-risk
Published 2021-01-04
Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean.
Do I need to act?
-
0.36% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.1/10
Low
NETWORK
/ HIGH complexity
Affected Products (1)
Creeper
Affected Vendors
References (2)
Third Party Advisory
https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33...
Third Party Advisory
https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33...
17
/ 100
low-risk
Severity
11/34 · Low
Exploitability
1/34 · Minimal
Exposure
5/34 · Minimal