exploitDog

CVE-2020-17479

Опубликовано: 10 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array.

Ссылки

https://blog.sonatype.com/cve-2020-17479
Exploit
Third Party Advisory
https://github.com/manvel-khnkoyan/jpv/commit/e3eec1215caa8d5c560f5e88d0943422831927d6
Patch
Third Party Advisory
https://github.com/manvel-khnkoyan/jpv/issues/10
Exploit
Third Party Advisory
https://www.npmjs.com/package/jpv
Product
Third Party Advisory
https://blog.sonatype.com/cve-2020-17479
Exploit
Third Party Advisory
https://github.com/manvel-khnkoyan/jpv/commit/e3eec1215caa8d5c560f5e88d0943422831927d6
Patch
Third Party Advisory
https://github.com/manvel-khnkoyan/jpv/issues/10
Exploit
Third Party Advisory
https://www.npmjs.com/package/jpv
Product
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:json_pattern_validator_project:json_pattern_validator:*:*:*:*:*:node.js:*:*

Версия до 2.2.2 (исключая)

EPSS

Процентиль: 70%

0.00633

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-vh6r-g38f-q3w8

CVSS3: 9.8

github

почти 5 лет назад

Validation bypass in jpv

EPSS

Процентиль: 70%

0.00633

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-20