Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 16/05/2020 Updated: 07/11/2023

CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 614

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

The kerberos package prior to 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.

Vulnerable Product	Search on Vulmon	Subscribe to Product
kerberos project kerberos

CWE-427 https://www.op-c.net/2020/05/15/dll-injection-attack-in-kerberos-npm-package/https://www.npmjs.com/advisories/1514 https://www.linkedin.com/posts/op-innovate_dll-injection-attack-in-kerberos-npm-package-activity-6667043749547253760-kVlW https://medium.com/%40kiddo_Ha3ker/dll-injection-attack-in-kerberos-npm-package-cb4b32031cd https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-13110

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect