CVE-2020-7751
PUBLISHED
pathval before version 1.1.1 is vulnerable to prototype pollution.
EPSS 0.65% · 71.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | node-pathval | 0, 1.1.0-3 |
| Ubuntu:18.04:LTS | node-pathval | 0, 1.1.0-1 |
Exploit Intelligence
- https://snyk.io/vuln/SNYK-JS-PATHVAL-596926 (nist-nvd)
- https://bugzilla.redhat.com/show_bug.cgi?id=1409754 (circl)
- https://pony7.fr/ctf:public:32c3:cryptmsg (circl)
- [oss-security] 20161227 Re: Buffer overflow in pycrypto (circl)
- FEDORA-2017-7c569d396b (circl)
- https://github.com/dlitz/pycrypto/issues/176 (circl)
- 95122 (circl)
- FEDORA-2017-08207fe48b (circl)
- GLSA-201702-14 (circl)
- https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 (circl)
…and 7 more exploits
Timeline
- Oct 23, 2018 PoC Published
- Oct 25, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 24, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-7751 third-party-advisory
- https://snyk.io/vuln/SNYK-JS-PATHVAL-596926 third-party-advisory
- https://github.com/chaijs/pathval/pull/58 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-7751 third-party-advisory