CVE-2020-26292 - OpenCVE

Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Chatter-social	Creeper

Configuration 1 [-]

cpe:2.3:a:chatter-social:creeper:1.1.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-01-04T18:10:12

Updated: 2024-08-04T15:56:04.400Z

Reserved: 2020-10-01T00:00:00

Link: CVE-2020-26292

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-01-04T18:15:13.107

Modified: 2021-01-07T20:37:42.977

Link: CVE-2020-26292

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Creeper", "vendor": "chatter-social", "versions": [{"status": "affected", "version": "= 1.1.3"}]}], "descriptions": [{"lang": "en", "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-507", "description": "CWE-507: Trojan Horse", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-04T18:10:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j"}], "source": {"advisory": "GHSA-9v67-g2rg-m33j", "discovery": "UNKNOWN"}, "title": "Potential Malware Discovered (Possible False Positive)", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-26292", "STATE": "PUBLIC", "TITLE": "Potential Malware Discovered (Possible False Positive)"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Creeper", "version": {"version_data": [{"version_value": "= 1.1.3"}]}}]}, "vendor_name": "chatter-social"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-507: Trojan Horse"}]}]}, "references": {"reference_data": [{"name": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j", "refsource": "CONFIRM", "url": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j"}]}, "source": {"advisory": "GHSA-9v67-g2rg-m33j", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:56:04.400Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-26292", "datePublished": "2021-01-04T18:10:12", "dateReserved": "2020-10-01T00:00:00", "dateUpdated": "2024-08-04T15:56:04.400Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chatter-social:creeper:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "8BEB90A3-00B0-48AB-B902-D7F64D0AC4D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Creeper is an experimental dynamic, interpreted language. The binary release of Creeper Interpreter 1.1.3 contains potential malware. The compromised binary release was available for a few hours between December 26, 2020 at 3:22 PM EST to December 26, 2020 at 11:00 PM EST. If you used the source code, you are **NOT** affected. This only affects the binary releases. The binary of unknown quality has been removed from the release. If you have downloaded the binary, please delete it and run a reputable antivirus scanner to ensure that your computer is clean."}, {"lang": "es", "value": "Creeper es un lenguaje interpretado, din\u00e1mico experimental. La versi\u00f3n binaria de Creeper Interpreter versi\u00f3n 1.1.3, contiene un malware potencial. La versi\u00f3n binaria comprometida estuvo disponible durante unas horas entre el 26 de diciembre de 2020 a las 3:22 p.m. EST y el 26 de diciembre de 2020 a las 11:00 p.m. EST. Si us\u00f3 el c\u00f3digo fuente, ** NO ** est\u00e1 afectado. Esto solo afecta a las versiones binarias. El binario de calidad desconocida ha sido eliminado de la versi\u00f3n. Si ha descargado el binario, por favor elim\u00ednelo y ejecute un esc\u00e1ner antivirus confiable para asegurarse de que su computadora est\u00e9 limpia."}], "id": "CVE-2020-26292", "lastModified": "2021-01-07T20:37:42.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-01-04T18:15:13.107", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/chatter-social/Creeper/security/advisories/GHSA-9v67-g2rg-m33j"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-507"}], "source": "security-advisories@github.com", "type": "Primary"}]}