CVE-2019-19859

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-19859

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-19859.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2019-19859

Published

2020-01-15T23:15:11Z

Modified

2025-01-08T06:04:25.746175Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in Serpico (aka SimplE RePort wrIting and CollaboratiOn tool) 1.3.0. The Add Collaborator allows unlimited data via the author parameter, even if the data does not match anything in the database.

References

https://www.websec.nl/news.php

Affected packages

Git / github.com/serpicoproject/serpico

Affected ranges

Type: GIT
Repo: https://github.com/serpicoproject/serpico
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

7d7bc536b4de1f10e1e0feff0e5804150383b917

Affected versions

1.*

1.0

1.1.0

1.1.1

1.2.1

1.2.2

1.2.2.1

1.3.0

Other

BH2016Alpha

BH2017_1.*

BH2017_1.2.0_Alpha