Lucene search

[email protected]CVE-2020-28443

HistoryJul 25, 2022 - 2:15 p.m.

CVE-2020-28443

2022-07-2514:15:09

CWE-77

[email protected]

web.nvd.nist.gov

cve

2020

28443

sonar-wrapper

injection

vulnerability

nvd

security

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.

Affected configurations

NVD

Node

sonar-wrapper_projectsonar-wrappernode.js

CPENameOperatorVersion
sonar-wrapper_project:sonar-wrappersonar-wrapper project sonar-wrappereq*

CPE	Name	Operator	Version
sonar-wrapper_project:sonar-wrapper	sonar-wrapper project sonar-wrapper	eq	*

CNA Affected

[
  {
    "product": "sonar-wrapper",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

security.snyk.io/vuln/SNYK-JS-SONARWRAPPER-1050980

Social References

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.3%

JSON

Related for CVE-2020-28443

cvelist1 prion1 github1 osv1 nvd1 veracode1