admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/7xxx/CVE-2020-7765.json

97 lines
3.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-01-21 23:01:08 +00:00
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2020-11-16T11:59:58.812992Z",
"-Synchronized-Data."
2020-01-21 23:01:08 +00:00
"ID": "CVE-2020-7765",
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
"STATE": "PUBLIC",
"TITLE": "Prototype Pollution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "@firebase/util",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "0.3.4"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2020-11-16 13:02:01 +00:00
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324",
"name": "https://snyk.io/vuln/SNYK-JS-FIREBASEUTIL-1038324"
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
},
{
"-Synchronized-Data."
2020-11-16 13:02:01 +00:00
"refsource": "MISC",
"url": "https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada",
"name": "https://github.com/firebase/firebase-js-sdk/commit/9cf727fcc3d049551b16ae0698ac33dc2fe45ada"
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
},
{
"-Synchronized-Data."
2020-11-16 13:02:01 +00:00
"refsource": "MISC",
"url": "https://github.com/firebase/firebase-js-sdk/pull/4001",
"name": "https://github.com/firebase/firebase-js-sdk/pull/4001"
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
}
]
"-Synchronized-Data."
2020-01-21 23:01:08 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2020-11-16 13:02:01 +00:00
"value": "This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program."
"-Synchronized-Data."
2020-01-21 23:01:08 +00:00
}
]
Adds CVE-2020-7765
2020-11-16 14:00:01 +02:00
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "Snyk Security Team"
}
]
"-Synchronized-Data."
2020-01-21 23:01:08 +00:00
}
Reference in New Issue Copy Permalink