WrapEarnPass left a comment (geany/geany#4611) I estimate this as
CVSS Base Score: 6.7 Impact Subscore: 5.9 Exploitability Subscore: 0.8 CVSS Temporal Score: 6.1 CVSS Environmental Score: 6.1 Modified Impact Subscore: 5.9 Overall CVSS Score: 6.1 CVSS 3.1 Vector [AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:H/MA:H](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:R/CR:H/IR:H/AR:H/MAV:L/MAC:H/MPR:L/MUI:R/MS:U/MC:H/MI:H/MA:H&version=3.1) CIA impact as HIGH because if the exploit is triggered by the user, the command in backticks could do anything from execute, to exfiltrate. -- Reply to this email directly or view it on GitHub: https://github.com/geany/geany/issues/4611#issuecomment-4845963064 You are receiving this because you are subscribed to this thread. Message ID: <geany/geany/issues/4611/[email protected]>
