CVE-2020-36618

Опубликовано: 19 дек. 2022

Источник: nvd

CVSS3: 6.3

CVSS3: 9.8

EPSS Низкий

Описание

A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to launch the attack remotely. The name of the patch is 46ccc2aee8d063c7b6b4dee2c2834113b7286076. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216252.

Ссылки

https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076
Patch
Third Party Advisory
https://github.com/FurqanSoftware/node-whois/pull/105
Exploit
Issue Tracking
Patch
Third Party Advisory
https://vuldb.com/?id.216252
Third Party Advisory
https://github.com/FurqanSoftware/node-whois/commit/46ccc2aee8d063c7b6b4dee2c2834113b7286076
Patch
Third Party Advisory
https://github.com/FurqanSoftware/node-whois/pull/105
Exploit
Issue Tracking
Patch
Third Party Advisory
https://vuldb.com/?id.216252
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:furqansofware:node_whois:-:*:*:*:*:node.js:*:*

EPSS

Процентиль: 67%

0.00541

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-74

CWE-1321

Связанные уязвимости

GHSA-97jv-c342-5xhc

CVSS3: 9.8

github

около 3 лет назад

FurqanSoftware/node-whois vulnerable to Prototype Pollution

EPSS

Процентиль: 67%

0.00541

Низкий

6.3 Medium

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-74

CWE-1321