Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by child_process.exec and the "
CVE-2019-12047
MEDIUMNVD 6.16.1—
EchelonGraph scoreMEDIUM confidence
This medium-severity CVE scores 6.1 under NVD CVSS v3. EPSS exploit probability: 0.4%, top 37% of all CVEs by exploit prediction. GitHub Security Advisory data not yet ingested — confidence will rise once GHSA publishes (typical lag: hours to days for open-source ecosystem CVEs; never for infrastructure-only CVEs).
Triggered by: NVD CVSS baseline
Sources: epss, nvd
6.1
EchelonGraph verdictMonitorLow exploitation likelihood right now — keep watching.
- Lower severity and no public exploit yet
CISA-KEV: Not listedEPSS: 1%CVSS: 6.1Exploit: NoneExposed: 0
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.