CVE-2019-18954 - OpenCVE

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Netease	Pomelo

Configuration 1 [-]

cpe:2.3:a:netease:pomelo:2.2.5:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/NetEase/pomelo/issues/1149	Issue Tracking Third Party Advisory
https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-13T23:39:46

Updated: 2019-11-13T23:39:46

Reserved: 2019-11-13T00:00:00

Link: CVE-2019-18954

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-11-14T00:15:11.017

Modified: 2020-08-24T17:37:01.140

Link: CVE-2019-18954

JSON object: View

Redhat Information

No data.

CWE

CWE-668

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T23:39:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NetEase/pomelo/issues/1149"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18954", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation", "refsource": "MISC", "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"name": "https://github.com/NetEase/pomelo/issues/1149", "refsource": "MISC", "url": "https://github.com/NetEase/pomelo/issues/1149"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18954", "datePublished": "2019-11-13T23:39:46", "dateReserved": "2019-11-13T00:00:00", "dateUpdated": "2019-11-13T23:39:46", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netease:pomelo:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F174E06D-AC65-457A-A9A9-CF0808DD6303", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}, {"lang": "es", "value": "Pomelo versi\u00f3n v2.2.5, permite el control externo de datos cr\u00edticos de estado. Una entrada de usuario maliciosa puede corromper los m\u00e9todos y atributos arbitrarios en el archivo template/game-server/app/servers/connector/handler/entryHandler.js porque ciertos atributos internos pueden ser sobrescritos por medio de un nombre en conflicto. Por lo tanto, un atacante malicioso puede manipular atributos internos al agregar atributos adicionales a la entrada de usuario."}], "id": "CVE-2019-18954", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-14T00:15:11.017", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/NetEase/pomelo/issues/1149"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}