CVE-2019-0542

Published: Jan 9, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A remote code execution vulnerability exists in Xterm.js when the component mishandles special characters, aka "Xterm Remote Code Execution Vulnerability." This affects xterm.js.

Affected (4)

Products: Xtermjs: Xterm.js · Redhat: Openshift Container Platform

1 product

1 product

Openshift Container Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xtermjs Xterm.js	Before 5.0.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Openshift Container Platform	After 3.11 to 3.11.104
Redhat Openshift Container Platform	From 3.10 to 3.10.163
Redhat Openshift Container Platform	From 3.9 to 3.9.99

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://www.securityfocus.com/bid/106434

Source: secure@microsoft.com

https://access.redhat.com/errata/RHBA-2019:0959

Source: secure@microsoft.com

https://access.redhat.com/errata/RHSA-2019:1422

Source: secure@microsoft.com

https://access.redhat.com/errata/RHSA-2019:2551

Source: secure@microsoft.com

https://access.redhat.com/errata/RHSA-2019:2552

Source: secure@microsoft.com

https://github.com/xtermjs/xterm.js/releases

Source: secure@microsoft.com

http://www.securityfocus.com/bid/106434

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHBA-2019:0959

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:1422

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:2551

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:2552

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/xtermjs/xterm.js/releases

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.