VDB-218019 · CVE-2020-36650 · ID 22

IonicaBizau node-gry har 5.x kura hakki ndiyam

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin IonicaBizau node-gry har 5.x. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, $software_file na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-77. Gaskiya, laifi an fitar da shi 01/11/2023 a matsayin 22. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2020-36650. Wuro ndiyam na local network ɗin sai a samu kafin wannan hari ya yi nasara. Tekinikal bayani ba ga. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Patch ɗin sunan ganowa shine 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. An tanadi gyaran matsalar don saukewa a github.com. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

3 Goyarwa · 73 Datenpunkte

Furɗe	Súgá 01/11/2023 18:57	Gargadi 1/2 02/04/2023 07:13	Gargadi 2/2 02/04/2023 07:19
software_vendor	IonicaBizau	IonicaBizau	IonicaBizau
software_name	node-gry	node-gry	node-gry
software_version	<=5.x	<=5.x	<=5.x
vulnerability_cwe	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)	CWE-77 (kura hakki ndiyam)
vulnerability_risk	2	2	2
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	22	22	22
advisory_url	https://github.com/IonicaBizau/node-gry/pull/22	https://github.com/IonicaBizau/node-gry/pull/22	https://github.com/IonicaBizau/node-gry/pull/22
countermeasure_name	Gargajiya	Gargajiya	Gargajiya
upgrade_version	6.0.0	6.0.0	6.0.0
countermeasure_upgrade_url	https://github.com/IonicaBizau/node-gry/releases/tag/6.0.0	https://github.com/IonicaBizau/node-gry/releases/tag/6.0.0	https://github.com/IonicaBizau/node-gry/releases/tag/6.0.0
patch_name	5108446c1e23960d65e8b973f1d9486f9f9dbd6c	5108446c1e23960d65e8b973f1d9486f9f9dbd6c	5108446c1e23960d65e8b973f1d9486f9f9dbd6c
countermeasure_patch_url	https://github.com/IonicaBizau/node-gry/commit/5108446c1e23960d65e8b973f1d9486f9f9dbd6c	https://github.com/IonicaBizau/node-gry/commit/5108446c1e23960d65e8b973f1d9486f9f9dbd6c	https://github.com/IonicaBizau/node-gry/commit/5108446c1e23960d65e8b973f1d9486f9f9dbd6c
countermeasure_advisoryquote	fix command injection vulnerability	fix command injection vulnerability	fix command injection vulnerability
source_cve	CVE-2020-36650	CVE-2020-36650	CVE-2020-36650
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (01/11/2023)	1673391600 (01/11/2023)	1673391600 (01/11/2023)
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	5.2	5.2	5.2
cvss2_vuldb_tempscore	4.5	4.5	4.5
cvss3_vuldb_basescore	5.5	5.5	5.5
cvss3_vuldb_tempscore	5.3	5.3	5.3
cvss3_meta_basescore	5.5	5.5	6.3
cvss3_meta_tempscore	5.3	5.3	6.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (01/11/2023)	1673391600 (01/11/2023)
cve_nvd_summary		A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.	A vulnerability, which was classified as critical, was found in IonicaBizau node-gry up to 5.x. This affects an unknown part. The manipulation leads to command injection. Upgrading to version 6.0.0 is able to address this issue. The name of the patch is 5108446c1e23960d65e8b973f1d9486f9f9dbd6c. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-218019.
cvss3_nvd_av			A
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			H
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			L
cvss2_nvd_au			S
cvss2_nvd_ci			P
cvss2_nvd_ii			P
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			L
cvss3_cna_i			L
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			5.2
cvss3_nvd_basescore			8.0
cvss3_cna_basescore			5.5

◂ Gurɗo Gumti Gada ▸

Might our Artificial Intelligence support you?

Check our Alexa App!