admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-07 05:28:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-77xx/CVE-2020-7766.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

141 lines
4.3 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-7766",
"sourceIdentifier": "report@snyk.io",
"published": "2020-11-10T16:15:14.963",
"lastModified": "2022-12-02T19:44:37.570",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution."
},
{
"lang": "es",
"value": "Esto afecta a todas las versiones del paquete json-ptr. El problema ocurre en la operaci\u00f3n de configuraci\u00f3n (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) cuando el flag de fuerza se establece en verdadero. La funci\u00f3n establece de forma recursiva la propiedad en el objeto objetivo, sin embargo, no comprueba correctamente la clave que est\u00e1 siendo configurada, lo que genera una contaminaci\u00f3n de prototipo"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:json-ptr_project:json-ptr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.0",
"matchCriteriaId": "9AF4834D-2800-4630-BCE0-787B331DD741"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174",
"source": "report@snyk.io",
"tags": [
"Broken Link"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink