Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-36649

Опубликовано: 11 янв. 2023
Источник: debian
EPSS Низкий

Описание

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mediawikifixed1:1.39.4-1package
mediawikifixed1:1.39.4-1~deb12u1bookwormpackage
mediawikifixed1:1.35.11-1~deb11u1bullseyepackage
mediawikinot-affectedbusterpackage

Примечания

  • MediaWiki embeds a copy, but negligible security impact

  • https://phabricator.wikimedia.org/T326946

  • https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621 (5.2.0)

  • Fixed in MediaWiki 1.35.10 / 1.38.6 / 1.39.3

  • https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/thread/6UQBHI5FWLATD7QO7DI4YS54U7XSSLAN/

EPSS

Процентиль: 53%
0.00304
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-36649

CVSS3: 3.5
ubuntu
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

redhat логотип

CVE-2020-36649

CVSS3: 7.5
redhat
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

nvd логотип

CVE-2020-36649

CVSS3: 3.5
nvd
около 3 лет назад

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.

github логотип

GHSA-qvjc-g5vr-mfgr

CVSS3: 7.5
github
больше 5 лет назад

Regular Expression Denial of Service in papaparse

EPSS

Процентиль: 53%
0.00304
Низкий