CVE-2020-28502 - OpenCVE

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xmlhttprequest Project	Xmlhttprequest

Configuration 1 [-]

cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:*:*:*:*:*:node.js:*:*

References

Link	Resource
https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480	Broken Link
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935	Exploit Third Party Advisory
https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: snyk

Published: 2021-03-05T00:00:00

Updated: 2021-03-05T17:25:16

Reserved: 2020-11-12T00:00:00

Link: CVE-2020-28502

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-05T18:15:12.830

Modified: 2021-03-16T16:12:47.017

Link: CVE-2020-28502

JSON object: View

Redhat Information

No data.

CWE

CWE-94

{"containers": {"cna": {"affected": [{"product": "xmlhttprequest", "vendor": "n/a", "versions": [{"lessThan": "1.7.0", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "xmlhttprequest-ssl", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "rinsuki"}], "datePublic": "2021-03-05T00:00:00", "descriptions": [{"lang": "en", "value": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "remediationLevel": "OFFICIAL_FIX", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 7.3, "temporalSeverity": "HIGH", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-03-05T17:25:16", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937"}, {"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480"}], "title": "Arbitrary Code Injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2021-03-05T17:20:04.331575Z", "ID": "CVE-2020-28502", "STATE": "PUBLIC", "TITLE": "Arbitrary Code Injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xmlhttprequest", "version": {"version_data": [{"version_affected": "<", "version_value": "1.7.0"}]}}]}, "vendor_name": "n/a"}, {"product": {"product_data": [{"product_name": "xmlhttprequest-ssl", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "rinsuki"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Injection"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935"}, {"name": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937"}, {"name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938"}, {"name": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480", "refsource": "MISC", "url": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480"}]}}}}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-28502", "datePublished": "2021-03-05T00:00:00", "dateReserved": "2020-11-12T00:00:00", "dateUpdated": "2021-03-05T17:25:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xmlhttprequest_project:xmlhttprequest:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "F2D26F16-BD5F-4C5C-8140-DEA8B204D412", "versionEndExcluding": "1.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run."}, {"lang": "es", "value": "Esto afecta al paquete xmlhttprequest versiones anteriores a 1.7.0; todas las versiones del paquete xmlhttprequest-ssl. Siempre que las peticiones son enviadas de forma sincr\u00f3nica (async=False en xhr.open), la entrada de un usuario malicioso que fluye hacia xhr.send podr\u00eda resultar en una inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo arbitraria"}], "id": "CVE-2020-28502", "lastModified": "2021-03-16T16:12:47.017", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "report@snyk.io", "type": "Secondary"}]}, "published": "2021-03-05T18:15:12.830", "references": [{"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/driverdan/node-XMLHttpRequest/blob/1.6.0/lib/XMLHttpRequest.js%23L480"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082937"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1082938"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}