Inappropriate Encoding for Output Context

CVE-2019-18981

High

9.8/10

Summary

Pimcore before 5.8.8 and 6.x before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-838 - Inappropriate Encoding for Output Context

The software uses or specifies an encoding when generating output to a downstream component, but the specified encoding is not the same as the encoding that is expected by the downstream component.

Advisory Timeline

Published Nov 15, 2019

Inappropriate Encoding for Output Context

CVE-2019-18981

Summary

CWE-838 - Inappropriate Encoding for Output Context

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS