CVE-2020-7766 - Vulnerability Details - OpenCVE

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Json-ptr Project	Json-ptr

Configuration 1 [-]

cpe:2.3:a:json-ptr_project:json-ptr:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-11-10T15:35:15.894341Z

Updated: 2024-09-16T22:14:07.645Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7766

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-11-10T16:15:14.963

Modified: 2024-11-21T05:37:45.777

Link: CVE-2020-7766

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "json-ptr", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libera (d3lla)"}], "datePublic": "2020-11-10T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.6, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-10T15:35:15", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"}], "title": "Prototype Pollution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2020-11-10T15:33:00.131346Z", "ID": "CVE-2020-7766", "STATE": "PUBLIC", "TITLE": "Prototype Pollution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "json-ptr", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libera (d3lla)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"}, {"name": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174", "refsource": "MISC", "url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.327Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7766", "datePublished": "2020-11-10T15:35:15.894341Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-16T22:14:07.645Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:json-ptr_project:json-ptr:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AF4834D-2800-4630-BCE0-787B331DD741", "versionEndExcluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete json-ptr. El problema ocurre en la operaci\u00f3n de configuraci\u00f3n (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) cuando el flag de fuerza se establece en verdadero. La funci\u00f3n establece de forma recursiva la propiedad en el objeto objetivo, sin embargo, no comprueba correctamente la clave que est\u00e1 siendo configurada, lo que genera una contaminaci\u00f3n de prototipo"}], "id": "CVE-2020-7766", "lastModified": "2024-11-21T05:37:45.777", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "report@snyk.io", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-11-10T16:15:14.963", "references": [{"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "https://github.com/flitbit/json-ptr/blob/master/src/util.ts%23L174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1321"}], "source": "nvd@nist.gov", "type": "Primary"}]}