Adds CVE-2020-7770

2025-06-10 02:04:31 +00:00 · 2020-11-12 12:13:54 +02:00 · 2020-11-12 12:13:54 +02:00 · b4abddd1eb
commit b4abddd1eb
parent 9491236da1
1 changed files with 76 additions and 4 deletions
--- a/2020/7xxx/CVE-2020-7770.json
+++ b/2020/7xxx/CVE-2020-7770.json
@ -3,16 +3,88 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2020-11-12T10:13:51.539284Z",
        "ID": "CVE-2020-7770",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Prototype Pollution"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "json8",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "1.0.3"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Prototype Pollution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://snyk.io/vuln/SNYK-JS-JSON8-1017116"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/sonnyp/JSON8/commit/2e890261b66cbc54ae01d0c79c71b0fd18379e7e"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects the package json8 before 1.0.3.\n The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+            "baseScore": 6.5,
+            "baseSeverity": "MEDIUM",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "REQUIRED",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "NONE",
+            "availabilityImpact": "NONE"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "Alessio Della Libera (d3lla)"
+        }
+    ]
 }