CVE-2020-36624: Incorrect Privilege Assignment

December 22, 2022

A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.

References

github.com/advisories/GHSA-74hc-57m5-83ch
github.com/ahorner/text-helpers/commit/184b60ded0e43c985788582aca2d1e746f9405a3
github.com/ahorner/text-helpers/pull/19
github.com/ahorner/text-helpers/releases/tag/v1.2.0
nvd.nist.gov/vuln/detail/CVE-2020-36624
vuldb.com/?id.216520

Detect and mitigate CVE-2020-36624 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →