Details ================ Product: Caret Editor Product URL: https://caret.io/ Vendor: Caret.io Ltd. Vulnerability: Remote Code Execution Vulnerable version: Caret Editor v4.0.0-rc21 Fixed version: Caret Editor v4.0.0-rc22 CVE Number: CVE-2020-20269 CVE URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20269 Author: Manuel Bua (dudez)
Vulnerability Description ================ A specially crafted Markdown document could cause the execution of malicious Javascript code. Reference ================ https://github.com/careteditor/issues/issues/841 _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
