Lucene search
HistoryJul 22, 2024 - 3:15 p.m.
CVE-2024-26020
arbitrary execution ankitects flashcard vulnerability
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.
Affected configurations
Node
ankiwebankiMatch24.04
Related
osv
osv
Ankitects Anki arbitrary script execution vulnerability
2024-07-22 15:32:41
CVE-2024-26020
2024-07-22 15:15:02
cvelist
cvelist
CVE-2024-26020
2024-07-22 14:20:26
cve
cve
CVE-2024-26020
2024-07-22 15:15:02
talos
talos
Ankitects Anki MPV script injection vulnerability
2024-07-22 00:00:00
debiancve
debiancve
CVE-2024-26020
2024-07-22 15:15:02
vulnrichment
vulnrichment
CVE-2024-26020
2024-07-22 14:20:26
veracode
veracode
Arbitrary Script Execution
2024-07-27 06:23:25
github
github
Ankitects Anki arbitrary script execution vulnerability
2024-07-22 15:32:41
talosblog
talosblog
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
38.0%
Related for NVD:CVE-2024-26020