CVE-2020-7764
Web Cache Poisoning
Severity Score: 7.5 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the 'Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.
Credits: yousteen, trygve_lie
Timeline
- 2020-01-21 CVE Reserved
- 2020-11-08 CVE Published
- 2023-07-25 EPSS Updated
- 2024-09-17 CVE Updated
CWE
- CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
References (2)
URL | Tag | Date |
---|---|---|
https://snyk.io/vuln/SNYK-JS-FINDMYWAY-1038269 | Third Party Advisory | |
https://github.com/delvedor/find-my-way/commit/ab408354690e6b9cf3c4724befb3b3fa4bb90aac | | 2020-11-16 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Find-my-way Project | Find-my-way | < 2.2.5 | - | Affected |
Find-my-way Project | Find-my-way | >= 3.0.0 < 3.0.5 | - | Affected |