Lucene search

SnykCVELIST:CVE-2020-7706

HistoryAug 18, 2020 - 9:20 a.m.

CVE-2020-7706 Prototype Pollution

2020-08-1809:20:12

snyk

www.cve.org

cve-2020-7706

prototype pollution

configuration language library

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie.

CNA Affected

[
  {
    "product": "connie-lang",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "0.1.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/mattinsler/connie-lang/commit/ef376d404c712dd28309ba07f28a8f87f24a015a

snyk.io/vuln/SNYK-JS-CONNIELANG-598853

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C

AI Score

9.5

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

Related for CVELIST:CVE-2020-7706