3 matches found
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
CVE-2021-43802
Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an .etherpad file that, when imported, might allow the attacker to gain admin privileges for the Etherpad instance. This, in turn, can be used to install a malicious Etherpad plugin that can execute...
CVE-2021-43802
CVE-2021-43802 affects Etherpad Lite versions before 1.8.16. An attacker can import a crafted .etherpad file to gain admin privileges, enabling installation of a malicious plugin that can execute arbitrary code. Privilege gain relies on triggering or waiting for old express-session state to be de...