Lucene search

[email protected]CVE-2023-51887

HistoryJan 24, 2024 - 5:15 p.m.

CVE-2023-51887

2024-01-2417:15:08

CWE-77

[email protected]

web.nvd.nist.gov

cve-2023-51887

command injection

mathtex

remote code execution

nvd

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL.

Affected configurations

NVD

Node

ctanmathtexRange≤1.05

CPENameOperatorVersion
ctan:mathtexctan mathtexle1.05

CPE	Name	Operator	Version
ctan:mathtex	ctan mathtex	le	1.05

References

blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.4%

JSON

Related for CVE-2023-51887

cvelist1 debiancve1 ubuntucve1 prion1 nvd1