

{
"id": "CVE-2020-28472",
"sourceIdentifier": "report@snyk.io",
"published": "2021-01-19T11:15:13.027",
"lastModified": "2021-01-28T15:16:55.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9 and the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles, they will pollute the object prototype of the application (prototype pollution). This can be exploited further depending on the context."
},
{
"lang": "es",
"value": "Esto afecta al paquete @aws-sdk/shared-ini-file-loader versiones anteriores a 1.0.0-rc.9; el paquete aws-sdk versiones anteriores a 2.814.0. Si un atacante env\u00eda un archivo INI malicioso hacia una aplicaci\u00f3n que lo analiza con la funci\u00f3n loadSharedConfigFiles, contaminar\u00e1 el prototipo de la aplicaci\u00f3n. Esto puede ser explotado a\u00fan m\u00e1s dependiendo del contexto"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_sdk_for_javascipt:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2.814.0",
"matchCriteriaId": "4B9D15C1-7835-40B7-86A0-BEC86A09377B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:alpha1:*:*:*:node.js:*:*",
"matchCriteriaId": "E4CC8788-7AEE-4613-B931-A69DA0630877"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:alpha2:*:*:*:node.js:*:*",
"matchCriteriaId": "8ED57E34-4BEC-4BB3-98B1-B98BA1E0ADD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:alpha3:*:*:*:node.js:*:*",
"matchCriteriaId": "AA8CF45E-E139-46EB-A651-636EC6496359"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:beta1:*:*:*:node.js:*:*",
"matchCriteriaId": "74038A5B-4691-460B-85F6-E5CD819EE40B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:beta2:*:*:*:node.js:*:*",
"matchCriteriaId": "E7D3816B-AF57-4882-B2C9-5E9525384389"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:beta3:*:*:*:node.js:*:*",
"matchCriteriaId": "9F0D0480-6C83-4965-A28C-7A454BF7B746"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:beta4:*:*:*:node.js:*:*",
"matchCriteriaId": "AE2DBB1D-F20D-4D84-A55B-9407C175A5A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma1:*:*:*:node.js:*:*",
"matchCriteriaId": "DC401A8E-508D-44A0-AE88-6DF6D2A8B385"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma2:*:*:*:node.js:*:*",
"matchCriteriaId": "14D7C530-E946-4F93-AD45-5FB44DA84D44"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma3:*:*:*:node.js:*:*",
"matchCriteriaId": "2508E88C-3C1C-494F-AA87-78C50BBD375D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma4:*:*:*:node.js:*:*",
"matchCriteriaId": "CCD4DCF2-AE3D-4F48-BD70-1EE4E901A6F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma5:*:*:*:node.js:*:*",
"matchCriteriaId": "FC1163F8-369C-47DA-B2BA-B928E7677C7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma6:*:*:*:node.js:*:*",
"matchCriteriaId": "CA2BAEC0-C485-45F4-B949-F4BD0DE4DAA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma7:*:*:*:node.js:*:*",
"matchCriteriaId": "C789D328-FEC7-4686-B266-AF6A5E0D5F53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:gamma8:*:*:*:node.js:*:*",
"matchCriteriaId": "920F1CDF-2DDB-4676-AA90-6D0BE69C5C69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:rc1:*:*:*:node.js:*:*",
"matchCriteriaId": "32E0E5F4-87AB-4A23-8ADE-021E9FAD1EF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:rc2:*:*:*:node.js:*:*",
"matchCriteriaId": "8ECDEF82-7A6B-414A-9D4E-9DE60791659D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:rc3:*:*:*:node.js:*:*",
"matchCriteriaId": "7F4C56E0-3038-402C-9BA5-495B0AF4045B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amazon:aws_shared_configuration_file_loader:1.0.0:rc8:*:*:*:node.js:*:*",
"matchCriteriaId": "CAEDBEC9-7C13-4634-BC34-E13698BEDC6F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/aws/aws-sdk-js-v3/commit/a209082dff913939672bb069964b33aa4c5409a9",
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/aws/aws-sdk-js/pull/3585/commits/7d72aff2a941173733fcb6741b104cd83d3bc611",
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1059426",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1059425",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JS-AWSSDK-1059424",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JS-AWSSDKSHAREDINIFILELOADER-1049304",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}