GoogleOSV:GHSA-M7J4-FHG6-XF5Vdatatables.net vulnerable to Prototype Pollution due to incomplete fix
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.6%
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
| CPE | Name | Operator | Version |
|---|---|---|---|
| datatables.net | lt | 1.10.22 |
References
github.com/DataTables/DataTablesSrc
github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03
github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766
nvd.nist.gov/vuln/detail/CVE-2020-28458
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961
snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962
snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402
snyk.io/vuln/SNYK-JS-DATATABLESNET-598806
Related
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
70.6%