mholt PapaParse har 5.1.x papaparse.js Kari na aiki

GumtiTarihigandayajsonxmlCTI

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin mholt PapaParse har 5.1.x. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, papaparse.js na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Kari na aiki. CWE shidin ka a yi bayani matsala sai ya kai CWE-1333. Gaskiya, laifi an fitar da shi 01/11/2023 a matsayin 777. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2020-36649. Wuro ndiyam na local network ɗin sai a samu kafin wannan hari ya yi nasara. Tekinikal bayani ga. Ba exploit ɗin da ake da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Patch ɗin sunan ganowa shine 235a12758cd77266d2e98fd715f53536b34ad621. Bugfix ɗin an shirya shi don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Goyarwa · 74 Datenpunkte

Furɗe	Súgá 01/11/2023 15:55	Gargadi 1/2 02/01/2023 16:08	Gargadi 2/2 02/01/2023 16:16
software_vendor	mholt	mholt	mholt
software_name	PapaParse	PapaParse	PapaParse
software_version	<=5.1.x	<=5.1.x	<=5.1.x
software_file	papaparse.js	papaparse.js	papaparse.js
vulnerability_cwe	CWE-1333 (Kari na aiki)	CWE-1333 (Kari na aiki)	CWE-1333 (Kari na aiki)
vulnerability_risk	1	1	1
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	777	777	777
advisory_url	https://github.com/mholt/PapaParse/issues/777	https://github.com/mholt/PapaParse/issues/777	https://github.com/mholt/PapaParse/issues/777
advisory_confirm_url	https://github.com/mholt/PapaParse/pull/779	https://github.com/mholt/PapaParse/pull/779	https://github.com/mholt/PapaParse/pull/779
countermeasure_name	Gargajiya	Gargajiya	Gargajiya
upgrade_version	5.2.0	5.2.0	5.2.0
countermeasure_upgrade_url	https://github.com/mholt/PapaParse/releases/tag/5.2.0	https://github.com/mholt/PapaParse/releases/tag/5.2.0	https://github.com/mholt/PapaParse/releases/tag/5.2.0
patch_name	235a12758cd77266d2e98fd715f53536b34ad621	235a12758cd77266d2e98fd715f53536b34ad621	235a12758cd77266d2e98fd715f53536b34ad621
countermeasure_patch_url	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
source_cve	CVE-2020-36649	CVE-2020-36649	CVE-2020-36649
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (01/11/2023)	1673391600 (01/11/2023)	1673391600 (01/11/2023)
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	2.3	2.3	2.3
cvss2_vuldb_tempscore	2.0	2.0	2.0
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.8
cvss3_meta_tempscore	3.4	3.4	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (01/11/2023)	1673391600 (01/11/2023)
cve_nvd_summary		A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.	A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			M
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			N
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			2.3
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			3.5

◂ Gurɗo Gumti Gada ▸

Do you know our Splunk app?

Download it now for free!