CVE-2020-10800
First published: Sat Mar 21 2020(Updated: )
lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream so that the Location header is associated with attacker-controlled executable content in the postDownload field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Lix Project Lix | <=15.8.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-10800?
CVE-2020-10800 is a vulnerability in Lix through version 15.8.7 that allows man-in-the-middle attackers to execute arbitrary code by modifying the HTTP client-server data stream.
How does CVE-2020-10800 work?
CVE-2020-10800 works by manipulating the Location header in the HTTP client-server data stream to associate it with attacker-controlled executable content.
What is the severity of CVE-2020-10800?
The severity of CVE-2020-10800 is rated as high with a CVSS score of 8.1.
Which software versions are affected by CVE-2020-10800?
Versions up to and including 15.8.7 of Lix are affected by CVE-2020-10800.
How can I fix CVE-2020-10800?
To fix CVE-2020-10800, it is recommended to update to a version of Lix that is not affected by the vulnerability.
- collector/nvd-index
- vendor/lix project
- canonical/lix project lix
- version/lix project lix/15.8.7