Skip to main content

Sharelatex

2 CVEs product

Monthly

CVE-2015-0934 MEDIUM This Month

Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Sharelatex
NVD
CVSS 2.0
6.5
EPSS
1.6%
CVE-2015-0933 LOW Monitor

Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Sharelatex
NVD
CVSS 2.0
3.5
EPSS
0.3%
EPSS 2% CVSS 6.5
MEDIUM This Month

Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection RCE Sharelatex
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, when the paranoid openin_any setting is omitted, allows remote authenticated users to read arbitrary files via a \include. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal Sharelatex
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy