CVE-2020-28458

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions datatables.net (affected versions not specified)

Description The issue is related to insufficient control of modification of dynamically defined object properties, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. The vulnerability is due to an incomplete fix for a previously known issue.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Prototype Pollution

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-915CWE-400

Related Identifiers

AZL-53184

BDU:2021-05423

CVE-2020-28458

GHSA-M7J4-FHG6-XF5V

RHSA-2021:1169

RHSA-2021:1184

RHSA-2021:1186

SNYK-JAVA-ORGWEBJARSBOWER-1051961

SNYK-JAVA-ORGWEBJARSNPM-1051962

SNYK-JS-DATATABLESNET-1016402

SNYK-JS-DATATABLESNET-598806

Affected Products

Datatables.Net

CVE-2020-28458

Weakness Enumeration

Related Identifiers

Affected Products

References · 20