CVE-2018-6835: Improper Input Validation

May 13, 2022 (updated July 24, 2023)

node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 mishandles JSONP, which allows remote attackers to bypass intended access restrictions.

References

github.com/advisories/GHSA-mvmv-rq2j-97p2
github.com/ether/etherpad-lite/commit/626e58cc5af1db3691b41fca7b06c28ea43141b1
github.com/ether/etherpad-lite/releases/tag/1.6.3
nvd.nist.gov/vuln/detail/CVE-2018-6835

Detect and mitigate CVE-2018-6835 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →