CVE-2020-27996

Опубликовано: 29 окт. 2020

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.

Ссылки

https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768
Patch
Third Party Advisory
https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1
Release Notes
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-138-139-SmartstoreAG-SmartStoreNET
Exploit
Third Party Advisory
https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768
Patch
Third Party Advisory
https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1
Release Notes
Third Party Advisory
https://securitylab.github.com/advisories/GHSL-2020-138-139-SmartstoreAG-SmartStoreNET
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:smartstore:smartstorenet:*:*:*:*:*:*:*:*

Версия до 4.0.1 (исключая)

EPSS

Процентиль: 66%

0.00516

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo