cvedb.io
CVE-2018-1000536
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2018-06-26T16:29:02.040 · Last modified 2026-06-17T01:32:51.903

Summary

Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application. This attack appear to be exploitable via Victim is synchronizing data from the redis server which contains malicious key value.

Affected products

getmedis — medis

Does this affect you?

Add your gear to cvedb and we'll alert you only when getmedis ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.