MidnightBSD

Advisories for djv_project

CVE-2020-28464 HIGH

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
report@snyk.io 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
djv_project djv *