CVE-2020-28032

Опубликовано: 02 нояб. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Средний

Описание

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.

Ссылки

https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/10446
Third Party Advisory
https://www.debian.org/security/2020/dsa-4784
Third Party Advisory
https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00004.html
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHVNK2WYAM3ZTCXTFSEIT56IKLVJHU3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VAVVYJKA2I6CRQUINECDPBGWMQDEG244/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VUXVUAKL2HL4QYJEPHBNVQQWRMFMII2Y/
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
Release Notes
Vendor Advisory
https://wpscan.com/vulnerability/10446
Third Party Advisory
https://www.debian.org/security/2020/dsa-4784
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*

Версия до 5.5.2 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.20723

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502

Связанные уязвимости

CVE-2020-28032

CVSS3: 9.8

ubuntu

больше 4 лет назад

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.

CVE-2020-28032

CVSS3: 9.8

debian

больше 4 лет назад

WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...

GHSA-546f-q8mw-j4qj

CVSS3: 9.8

github

около 3 лет назад

WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php.

BDU:2021-01699

CVSS3: 9.8

fstec

больше 4 лет назад

Уязвимость компонента wp-includes/Requests/Utility/FilteredIterator.php системы управления содержимым сайта WordPress, связанная с восстановлением в памяти недостоверной структуры данных, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

EPSS

Процентиль: 95%

0.20723

Средний

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-502