Medium severity4.8NVD Advisory· Published Apr 14, 2020· Updated Jun 17, 2026
CVE-2020-11003
CVE-2020-11003
Description
Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. This has been patched in 2.15.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@fraction/oasisnpm | < 2.15.0 | 2.15.0 |
Affected products
2- fraction/oasisv5Range: < 2.15.0
Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-j438-45hc-vjhmghsaADVISORY
- github.com/fraction/oasis/security/advisories/GHSA-j438-45hc-vjhmnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-11003ghsaADVISORY
News mentions
0No linked articles in our index yet.