CVE-2020-28480 - Vulnerability Details - OpenCVE

The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jointjs	Jointjs

Configuration 1 [-]

cpe:2.3:a:jointjs:jointjs:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150
https://github.com/clientIO/joint/pull/1406
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036
https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2021-01-19T14:45:22.933123Z

Updated: 2024-09-16T17:07:41.852Z

Reserved: 2020-11-12T00:00:00

Link: CVE-2020-28480

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-01-19T15:15:11.980

Modified: 2024-11-21T05:22:52.813

Link: CVE-2020-28480

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "jointjs", "vendor": "n/a", "versions": [{"lessThan": "3.3.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libera (d3lla)"}], "datePublic": "2021-01-19T00:00:00", "descriptions": [{"lang": "en", "value": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "LOW", "privilegesRequired": "NONE", "remediationLevel": "NOT_DEFINED", "reportConfidence": "NOT_DEFINED", "scope": "UNCHANGED", "temporalScore": 6.9, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Prototype Pollution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-01-19T14:45:22", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/clientIO/joint/pull/1406"}], "title": "Prototype Pollution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "DATE_PUBLIC": "2021-01-19T14:43:07.113664Z", "ID": "CVE-2020-28480", "STATE": "PUBLIC", "TITLE": "Prototype Pollution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "jointjs", "version": {"version_data": [{"version_affected": "<", "version_value": "3.3.0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libera (d3lla)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Prototype Pollution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"}, {"name": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150", "refsource": "MISC", "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"}, {"name": "https://github.com/clientIO/joint/pull/1406", "refsource": "MISC", "url": "https://github.com/clientIO/joint/pull/1406"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T16:40:59.272Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/clientIO/joint/pull/1406"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-28480", "datePublished": "2021-01-19T14:45:22.933123Z", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2024-09-16T17:07:41.852Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jointjs:jointjs:*:*:*:*:*:*:*:*", "matchCriteriaId": "4CF946DD-6434-45C1-AA78-CB1201201A75", "versionEndExcluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the object's key and set the value is not properly sanitized, leading to a Prototype Pollution."}, {"lang": "es", "value": "El paquete jointjs versiones anteriores a 3.3.0, es vulnerable a la contaminaci\u00f3n de prototipos por medio de util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). La ruta usada para acceder a la clave del objeto y establecer el valor no est\u00e1 correctamente saneada, lo que conlleva a una Contaminaci\u00f3n de Prototipo"}], "id": "CVE-2020-28480", "lastModified": "2024-11-21T05:22:52.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2021-01-19T15:15:11.980", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://github.com/clientIO/joint/pull/1406"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/clientIO/joint/blob/master/src/util/util.mjs%23L150"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/clientIO/joint/pull/1406"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1062037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1062036"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JOINTJS-1024444"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "[email protected]", "type": "Primary"}]}