admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-29 01:31:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2020/CVE-2020-77xx/CVE-2020-7746.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

158 lines
4.7 KiB
JSON
Raw Blame History

{
"id": "CVE-2020-7746",
"sourceIdentifier": "report@snyk.io",
"published": "2020-10-29T08:15:12.007",
"lastModified": "2022-12-02T19:44:51.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the defaults options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution."
},
{
"lang": "es",
"value": "Esto afecta al paquete chart.js versiones anteriores a 2.9.4. El par\u00e1metro options no es saneado apropiadamente cuando es procesado. Cuando las opciones son procesadas, las opciones existentes (o las opciones predeterminadas) se fusionan profundamente con las opciones proporcionadas. Sin embargo, durante esta operaci\u00f3n, las claves del objeto que est\u00e1 siendo ajustado no son comprobadas, conllevando a una contaminaci\u00f3n del prototipo"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:chartjs:chart.js:*:*:*:*:*:node.js:*:*",
"versionEndExcluding": "2.9.4",
"matchCriteriaId": "7F233AD0-FAAB-43E9-BC5D-923121DACC04"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/chartjs/Chart.js/pull/7920",
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1019375",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBCHARTJS-1019376",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1019374",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716",
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink