[Forgot Password]
Login  Register Subscribe

23631

 
 

126998

 
 

101924

 
 

909

 
 

80911

 
 

121

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2017-6199

Date: (C)2018-02-07   (M)2018-02-15 


A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field.

CVSS Score: 4.3Access Vector:
Exploit Score: Access Complexity:
Impact Score: Authentication:
 Confidentiality:
 Integrity:
 Availability:





Reference:
https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/
https://github.com/sandstorm-io/sandstorm/blob/v0.202/shell/packages/sandstorm-db/db.js#L1112
https://github.com/sandstorm-io/sandstorm/commit/37bd9a7f4eb776cdc2d3615f0bfea1254b66f59d
https://sandstorm.io/news/2017-03-02-security-review

© 2013 SecPod Technologies