CVE-2019-5819

Published: Jun 27, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Insufficient data validation in developer tools in Google Chrome on OS X prior to 74.0.3729.108 allowed a local attacker to execute arbitrary code via a crafted string copied to clipboard.

Affected (8)

Products: Google: Chrome · Opensuse: Backports, Leap · Fedoraproject: Fedora · +1 more

Show all products

Google: Chrome · Opensuse: Backports, Leap · Fedoraproject: Fedora · Debian: Debian Linux

1 product

2 products

1 product

1 product

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 74.0.3729.108

Running on/with	Platform Versions
Apple Macos	All versions

Configuration B

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Backports	Version sle-15
Opensuse Leap	Version 15.0
Opensuse Leap	Version 15.1
Opensuse Leap	Version 42.3

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 29
Fedoraproject Fedora	Version 30

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.