CVE-2020-36660

Опубликовано: 06 фев. 2023

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

Ссылки

https://github.com/paxswill/evesrp/commit/9e03f68e46e85ca9c9694a6971859b3ee66f0240
Patch
https://github.com/paxswill/evesrp/releases/tag/v0.12.12
Release Notes
https://vuldb.com/?ctiid.220211
Permissions Required
Third Party Advisory
https://vuldb.com/?id.220211
Third Party Advisory
https://github.com/paxswill/evesrp/commit/9e03f68e46e85ca9c9694a6971859b3ee66f0240
Patch
https://github.com/paxswill/evesrp/releases/tag/v0.12.12
Release Notes
https://vuldb.com/?ctiid.220211
Permissions Required
Third Party Advisory
https://vuldb.com/?id.220211
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eve_ship_replacement_program_project:eve_ship_replacement_program:0.12.11:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

4 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

Связанные уязвимости

GHSA-fxqx-xgqq-gf42

CVSS3: 4.3

github

около 3 лет назад

Exposure of Sensitive Information in EVE-SRP

EPSS

Процентиль: 27%

0.00097

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

4 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo