CVE-2019-10790 - OpenCVE

Vendors	Products
Taffydb	Taffy

Link	Resource
https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450
https://snyk.io/vuln/SNYK-JS-TAFFY-546521	Exploit Third Party Advisory

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2019-10790", "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "dateUpdated": "2023-03-17T00:00:00", "dateReserved": "2019-04-03T00:00:00", "datePublished": "2020-02-17T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk", "dateUpdated": "2023-03-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB."}], "affected": [{"vendor": "n/a", "product": "taffy npm module", "versions": [{"version": "All versions including 2.6.2", "status": "affected"}]}], "references": [{"url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Authorization Bypass Through User-Controlled Key"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:taffydb:taffy:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "E97730C5-F4C0-443D-A291-8979923310A5", "versionEndIncluding": "2.6.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB."}, {"lang": "es", "value": "taffy versiones hasta 2.6.2, permite a atacantes forjar la incorporaci\u00f3n de propiedades adicionales en la entrada del usuario procesada por taffy que puede permitir el acceso a cualquiera de los elementos de datos en la base de datos. taffy establece un \u00edndice interno para cada elemento de datos en su base de datos. Sin embargo, se encuentra que el \u00edndice interno puede ser falsificado agregando propiedades adicionales en la entrada del usuario. Si el \u00edndice se encuentra en la consulta, taffyDB ignorar\u00e1 otras condiciones de consulta y devolver\u00e1 directamente el elemento de datos indexado. Adem\u00e1s, el \u00edndice interno est\u00e1 en un formato f\u00e1cil de adivinar (por ejemplo, T000002R000001). Como tal, los atacantes pueden utilizar esta vulnerabilidad para acceder a cualquier elemento de datos en la base de datos."}], "id": "CVE-2019-10790", "lastModified": "2023-03-17T18:15:11.810", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-17T20:15:10.943", "references": [{"source": "report@snyk.io", "url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

JSON object

JSON object

JSON object