Lucene search

[email protected]CVE-2020-8178

HistoryJul 15, 2020 - 5:15 p.m.

CVE-2020-8178

2020-07-1517:15:11

CWE-78

[email protected]

web.nvd.nist.gov

cve-2020-8178

npm package

jison

input validation

os command injection

security vulnerability

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Insufficient input validation in npm package jison <= 0.4.18 may lead to OS command injection attacks.

Affected configurations

NVD

Node

jison_projectjisonRange≤0.4.18node.js

CPENameOperatorVersion
jison_project:jisonjison project jisonle0.4.18

CPE	Name	Operator	Version
jison_project:jison	jison project jison	le	0.4.18

CNA Affected

[
  {
    "product": "jison",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Not Fixed"
      }
    ]
  }
]

References

hackerone.com/reports/690010

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.3%

JSON

Related for CVE-2020-8178

hackerone1 veracode1 ubuntucve1 ibm2 prion1 debiancve1 huntr1 nodejs1 cvelist1 nvd1 github1