CVE-2019-9197
Severity: HIGH
WAF: High
CVSS 8.8
Published: 2019-12-31
CWE-78
The com.unity3d.kharma protocol handler in Unity Editor 2018.3 allows remote attackers to execute arbitrary code.
WAF Coverage Analysis
OS Command Injection
High WAF Coverage
OWASP: A03:2021 Injection
932xxx - Remote Code Execution
Affected Software
| Vendor | Product | Version |
|---|---|---|
| unity3d | unity_editor | 5.6.0 - 5.6.7f1 |
| unity3d | unity_editor | 2017.4.22 - 2017.4.22f1 |
| unity3d | unity_editor | 2018.2.21 - 2018.2.21f1 |
| unity3d | unity_editor | 2018.3.7 - 2018.3.7f1 |
| unity3d | unity_editor | 2019.1.0 - 2019.1.0b5 |
| unity3d | unity_editor | 2019.2.0 - 2019.2.0a7 |
References
- unity3d.com (Mitigation, Patch, Vendor Advisory)
- www.zerodayinitiative.com (Third Party Advisory, VDB Entry)