mholt PapaParse Dok 5.1.x papaparse.js Uskraćivanje usluge

StavkaIstorijapovežetejsonxmlCTI

Otkrivena je ranjivost klasifikovana kao Problematiиno u mholt PapaParse Dok 5.1.x. Pogođeno je nepoznata funkcija u fajlu papaparse.js. Manipulacija dovodi do Uskraćivanje usluge. Korišćenje CWE za deklarisanje problema vodi do CWE-1333. Slabost je objavljena 01/11/2023 kao 777. Obaveštenje je dostupno za preuzimanje na github.com. Ova ranjivost je označena kao CVE-2020-36649. Tehnički detalji su dostupni. Не постоји доступан експлоит. Trenutna cena za eksploataciju može biti približno USD $0-$5k u ovom trenutku. MITRE ATT&CK projekat deklariše tehniku napada kao T1449.003. Označeno je kao nije definisano. Kao 0-day, procenjena cena na crnom tržištu bila je oko $0-$5k. Ako nadogradite na verziju 5.2.0, ovaj problem može biti rešen. Ažurirana verzija je spremna za preuzimanje na github.com. Ime zakrpe je 235a12758cd77266d2e98fd715f53536b34ad621. Ispravka je spremna za preuzimanje na github.com. Preporučuje se nadogradnja pogođene komponente. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 Promene · 74 Tačke podataka

Polje	Kreirali 01/11/2023 15:55	Ažurira 1/2 02/01/2023 16:08	Ažurira 2/2 02/01/2023 16:16
software_vendor	mholt	mholt	mholt
software_name	PapaParse	PapaParse	PapaParse
software_version	<=5.1.x	<=5.1.x	<=5.1.x
software_file	papaparse.js	papaparse.js	papaparse.js
vulnerability_cwe	CWE-1333 (Uskraćivanje usluge)	CWE-1333 (Uskraćivanje usluge)	CWE-1333 (Uskraćivanje usluge)
vulnerability_risk	1	1	1
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	L	L	L
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
advisory_identifier	777	777	777
advisory_url	https://github.com/mholt/PapaParse/issues/777	https://github.com/mholt/PapaParse/issues/777	https://github.com/mholt/PapaParse/issues/777
advisory_confirm_url	https://github.com/mholt/PapaParse/pull/779	https://github.com/mholt/PapaParse/pull/779	https://github.com/mholt/PapaParse/pull/779
countermeasure_name	Nadogradnju	Nadogradnju	Nadogradnju
upgrade_version	5.2.0	5.2.0	5.2.0
countermeasure_upgrade_url	https://github.com/mholt/PapaParse/releases/tag/5.2.0	https://github.com/mholt/PapaParse/releases/tag/5.2.0	https://github.com/mholt/PapaParse/releases/tag/5.2.0
patch_name	235a12758cd77266d2e98fd715f53536b34ad621	235a12758cd77266d2e98fd715f53536b34ad621	235a12758cd77266d2e98fd715f53536b34ad621
countermeasure_patch_url	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621	https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
source_cve	CVE-2020-36649	CVE-2020-36649	CVE-2020-36649
cna_responsible	VulDB	VulDB	VulDB
advisory_date	1673391600 (01/11/2023)	1673391600 (01/11/2023)	1673391600 (01/11/2023)
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_av	A	A	A
cvss2_vuldb_ac	M	M	M
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_av	A	A	A
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	2.3	2.3	2.3
cvss2_vuldb_tempscore	2.0	2.0	2.0
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.4	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.8
cvss3_meta_tempscore	3.4	3.4	4.8
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1673391600 (01/11/2023)	1673391600 (01/11/2023)
cve_nvd_summary		A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.	A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			N
cvss3_nvd_a			H
cvss2_nvd_av			A
cvss2_nvd_ac			M
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			N
cvss2_nvd_ai			P
cvss3_cna_av			A
cvss3_cna_ac			L
cvss3_cna_pr			L
cvss3_cna_ui			N
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			N
cvss3_cna_a			L
cve_cna			VulDB
cvss2_nvd_basescore			2.3
cvss3_nvd_basescore			7.5
cvss3_cna_basescore			3.5

◂ Prethodne Pregled Sledeжi ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!