Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2020-7720

Published: 01/09/2020 Updated: 02/12/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 7.3 | Impact Score: 3.4 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Forge

Vulnerability Summary

The package node-forge prior to 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

digitalbazaar forge

Vendor Advisories

Debian CVElist Bug Report Logs: node-node-forge: CVE-2020-7720
Debian Bug report logs - #969669 node-node-forge: CVE-2020-7720 Package: src:node-node-forge; Maintainer for src:node-node-forge is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 6 Sep 2020 20:09:01 UTC Severity: grave Ta ...
Red Hat: Moderate: Red Hat OpenShift Container Storage 4.6.0 security, bug fix, enhancement update
Synopsis Moderate: Red Hat OpenShift Container Storage 460 security, bug fix, enhancement update Type/Severity Security Advisory: Moderate Topic Updated images are now available for Red Hat OpenShift Container Storage 460 on Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ha ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container
Synopsis Moderate: security update - Red Hat Ansible Tower 374-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 374-1 - RHEL7 Container Description Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023) Improved Ansible Tower's web se ...

Github Repositories

https://github.com/flvoyer/url-shortener

URL Shortener is a fullstack HTTP link shortener project.

URL Shortener URL Shortener est un projet fullstack de raccourcisseur de liens HTTP Le traitement des données utilise le langage Nodejs et son framework Expressjs Les données sont stockées dans une base de données SQLite3 Du javascript vanilla pour le front-end, la gestion des événements, et les requêtes HTTP Le tout empaqu

References

CWE-1321https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.mdhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669https://nvd.nist.govhttps://github.com/flvoyer/url-shortener
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook