Vulnerabilities > CVE-2022-40274 - Unspecified vulnerability in Gridea 0.9.3

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

gridea

NVD

Published: 2022-09-30

Updated: 2022-10-04

Summary

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

Vulnerable Configurations

Part	Description	Count
Application	Gridea Gridea Gridea 0.9.3	1
OS	Linux Linux Linux Kernel -	1

References

https://fluidattacks.com/advisories/marshmello/
https://github.com/getgridea/gridea