Vulnerability Description
GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control. This problem has been patched in version 1.2.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Greenbrowser Project | Greenbrowser | < 1.2 |
Related Weaknesses (CWE)
References
- https://github.com/luchua-bc/GreenBrowser/commit/5e257e0db4f2a08cf05f00756e5961ePatchThird Party Advisory
- https://github.com/luchua-bc/GreenBrowser/security/advisories/GHSA-7x3j-7x5w-8g7Third Party Advisory
- https://github.com/luchua-bc/GreenBrowser/commit/5e257e0db4f2a08cf05f00756e5961ePatchThird Party Advisory
- https://github.com/luchua-bc/GreenBrowser/security/advisories/GHSA-7x3j-7x5w-8g7Third Party Advisory
FAQ
What is CVE-2020-11000?
CVE-2020-11000 is a vulnerability with a CVSS score of 5.7 (MEDIUM). GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL pa...
How severe is CVE-2020-11000?
CVE-2020-11000 has been rated MEDIUM with a CVSS base score of 5.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11000?
Check the references section above for vendor advisories and patch information. Affected products include: Greenbrowser Project Greenbrowser.