Lucene search

[email protected]CVE-2023-3696

HistoryJul 17, 2023 - 1:15 a.m.

CVE-2023-3696

2023-07-1701:15:08

CWE-1321

[email protected]

web.nvd.nist.gov

119

cve-2023-3696

prototype pollution

github repository

automattic/mongoose

nvd

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

9.4 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

36.8%

JSON

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.

CPENameOperatorVersion
mongoosejs:mongoosemongoosejs mongooselt5.13.20
mongoosejs:mongoosemongoosejs mongooseeq2.4.5
mongoosejs:mongoosemongoosejs mongooseeq3.6.0
mongoosejs:mongoosemongoosejs mongooseeq4.4.8
mongoosejs:mongoosemongoosejs mongooseeq5.10.6
mongoosejs:mongoosemongoosejs mongooseeq1.0.1
mongoosejs:mongoosemongoosejs mongooseeq1.7.4
mongoosejs:mongoosemongoosejs mongooseeq1.1.19
mongoosejs:mongoosemongoosejs mongooseeq1.1.23
mongoosejs:mongoosemongoosejs mongooseeq1.8.4

CPE	Name	Operator	Version
mongoosejs:mongoose	mongoosejs mongoose	lt	5.13.20
mongoosejs:mongoose	mongoosejs mongoose	eq	2.4.5
mongoosejs:mongoose	mongoosejs mongoose	eq	3.6.0
mongoosejs:mongoose	mongoosejs mongoose	eq	4.4.8
mongoosejs:mongoose	mongoosejs mongoose	eq	5.10.6
mongoosejs:mongoose	mongoosejs mongoose	eq	1.0.1
mongoosejs:mongoose	mongoosejs mongoose	eq	1.7.4
mongoosejs:mongoose	mongoosejs mongoose	eq	1.1.19
mongoosejs:mongoose	mongoosejs mongoose	eq	1.1.23
mongoosejs:mongoose	mongoosejs mongoose	eq	1.8.4

Rows per page:

1-10 of 7801

References

github.com/automattic/mongoose/commit/305ce4ff789261df7e3f6e72363d0703e025f80d

huntr.dev/bounties/1eef5a72-f6ab-4f61-b31d-fc66f5b4b467

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H

9.4 High

AI Score

Confidence

High

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.001 Low

EPSS

Percentile

36.8%

JSON

Related for CVE-2023-3696

veracode1 openvas1 prion1 github2 osv4 huntr1 cvelist1