CVE-2020-27998
CRITICALFastReport < 2020.4.0 - Missing Authorization for Script Security Features
Title source: llmDescription
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.
References (4)
Core 4
Core References
Third Party Advisory x_refsource_misc
https://github.com/FastReports/FastReport/pull/206
Third Party Advisory x_refsource_misc
https://opensource.fast-report.com/2020/09/report-script-security.html
Third Party Advisory x_refsource_misc
https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0
Exploit, Third Party Advisory x_refsource_misc
https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports
Scores
CVSS v3
9.8
EPSS
0.0055
EPSS Percentile
68.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (2)
fast-report/fastreport
< 2020.4.0
nuget/FastReport.OpenSource
0 - 2020.4.0NuGet
Published
Oct 29, 2020
Tracked Since
Feb 18, 2026