CVE-2018-18240 Pippo RCE Vulnerability

Description

DFE shows many vulnerabilities for Greenshot regarding

CVE-2018-18240

Pippo RCE Vulnerability

Looks like a really old vulnerability.

It shows up even in the latest unstable Windows-Version.

Is there some workaround available?

Environment

Win 10+11

Linked issues

duplicates

BUG-3179

CVE-2018-18240 - RCE bug with Pippo framework (CVSS 9.8)

Activity

Show:

Jens Klingen May 3, 2024 at 5:36 PM

I noticed there's another ticket for this.... closing this as a duplicate .

Jens Klingen May 3, 2024 at 5:34 PM

Thanks for reporting this. I am pretty sure this is a false positive.

Greenshot is not using Pippo, and I also cannot see it as a transitive dependency. (In fact, I would have been surprised to find our .net application packaging a Java web framework.)

I have contacted MS about it, let’s see how they respond.

Duplicate

Details

Assignee

Unassigned

Reporter

Kress Andreas

Priority

Major

Created April 17, 2024 at 2:13 PM

Updated May 3, 2024 at 5:36 PM

Resolved May 3, 2024 at 5:36 PM

Configure