CVE-2020-8128

Summary

An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and earlier allow attackers to execute arbitrary code.

Affected Software

VendorProductVersion RangeStatus
n/ajsreportFixed version: 2.6.1affected

Weaknesses

  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

ADP Enrichment

CVE Program Container

Additional References

References