3 matches found
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value...
CVE-2020-15070
Zulip Server 2.x before 2.1.7 is affected by an eval-injection vulnerability that an attacker with privilege and access to write to the PostgreSQL database can exploit by crafting a custom profile field value. The root cause is the ability to inject and evaluate code via a crafted value stored in...