Back to search
CVE-2020-13651
Published: Jun 15, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://know.bishopfox.com/advisories/digdash-version-2018
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now