← Back

Bloodhound Project

bloodhound_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Bloodhound
bloodhound
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-3210
1Bloodhound Project
1Bloodhound
Nov 21, 2024
Feb 19, 2021
N/A· v4
9.6 CRITICAL· v3
9.3 HIGH· v2
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectI...Show more
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.Show less
CVE-2019-15701
1Bloodhound Project
1Bloodhound
Nov 21, 2024
Aug 27, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomple...Show more
components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search function's autocomplete feature is used. The victim must import data from an Active Directory with a GPO containing JavaScript in its name.Show less