CVE-2020-36049 (Medium) detected in istanbulv0.4.5, chatscriptChatScript-7.55 #32

mend-for-github-com · 2021-01-09T12:32:09Z

CVE-2020-36049 - Medium Severity Vulnerability

Vulnerable Libraries - istanbulv0.4.5, chatscriptChatScript-7.55

Vulnerability Details

socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used.

Publish Date: 2021-01-08

URL: CVE-2020-36049

CVSS 3 Score Details (5.4)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: Low
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36049

Release Date: 2021-01-08

Fix Resolution: socket.io-parser - 3.4.1

mend-for-github-com bot added the security vulnerability Security vulnerability detected by WhiteSource label Jan 9, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CVE-2020-36049 (Medium) detected in istanbulv0.4.5, chatscriptChatScript-7.55 #32

CVE-2020-36049 (Medium) detected in istanbulv0.4.5, chatscriptChatScript-7.55 #32

mend-for-github-com bot commented Jan 9, 2021

CVE-2020-36049 (Medium) detected in istanbulv0.4.5, chatscriptChatScript-7.55 #32

CVE-2020-36049 (Medium) detected in istanbulv0.4.5, chatscriptChatScript-7.55 #32

Comments

mend-for-github-com bot commented Jan 9, 2021

CVE-2020-36049 - Medium Severity Vulnerability