{
  "schema_version": "1.4.0",
  "id": "GHSA-jxg9-387c-h784",
  "modified": "2024-04-04T01:18:59Z",
  "published": "2022-05-24T16:50:43Z",
  "aliases": [
    "CVE-2019-11552"
  ],
  "details": "Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user.",
  "severity": [
    {
      "type": "CVSS_V3",
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"
    }
  ],
  "affected": [],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11552"
    },
    {
      "type": "WEB",
      "url": "https://bordplate.no/blog/en/post/crashplan-privilege-escalation"
    },
    {
      "type": "WEB",
      "url": "https://code42.com/r/support/CVE-2019-11552"
    },
    {
      "type": "WEB",
      "url": "https://support.code42.com/Terms_and_conditions/Code42_customer_support_resources/Code42_security_advisories/Untrusted_data_is_executed_as_System_via_a_PAC_file_read_by_CrashPlanService.exe"
    }
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-434",
      "CWE-94"
    ],
    "severity": "HIGH",
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-19T14:15:00Z"
  }
}