{"id":"GHSA-584h-jhxh-pxp2","summary":"Codiad remote code execution vulnerability","details":"Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.","aliases":["CVE-2018-14009"],"modified":"2024-04-25T22:43:37.038267Z","published":"2022-05-13T01:11:16Z","database_specific":{"nvd_published_at":"2018-07-12T16:29:00Z","cwe_ids":["CWE-20","CWE-74"],"github_reviewed":true,"github_reviewed_at":"2024-04-25T22:17:33Z","severity":"CRITICAL"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14009"},{"type":"PACKAGE","url":"https://github.com/Codiad/Codiad"},{"type":"WEB","url":"https://github.com/WangYihang/Codiad-Remote-Code-Execute-Exploit"},{"type":"WEB","url":"http://packetstormsecurity.com/files/161944/Codiad-2.8.4-Remote-Code-Execution.html"}],"affected":[{"package":{"name":"codiad/codiad","ecosystem":"Packagist","purl":"pkg:composer/codiad/codiad"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.8.4"}]}],"versions":["v1.3.6"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-584h-jhxh-pxp2/GHSA-584h-jhxh-pxp2.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}