Lucene search

GitHub Advisory DatabaseGHSA-GFFV-5HR2-F9GJ

HistoryAug 25, 2021 - 8:43 p.m.

Flaw in streaming state in orion

2021-08-2520:43:18

CWE-682

GitHub Advisory Database

github.com

orion

streaming state

affected versions

software

flaw

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.1%

JSON

Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset().

Affected configurations

Vulners

Node

orion_projectorionRange<0.11.2

VendorProductVersionCPE
orion_projectorion*cpe:2.3:a:orion_project:orion:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
orion_project	orion	*	cpe:2.3:a:orion_project:orion::::::::

References

github.com/advisories/GHSA-gffv-5hr2-f9gj

github.com/brycx/orion/issues/46

nvd.nist.gov/vuln/detail/CVE-2018-20999

rustsec.org/advisories/RUSTSEC-2018-0012.html

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

43.1%

JSON

Related for GHSA-GFFV-5HR2-F9GJ