CVE-2019-18954 - Vulnerability Details - OpenCVE

Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netease	Pomelo

Configuration 1 [-]

cpe:2.3:a:netease:pomelo:2.2.5:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/NetEase/pomelo/issues/1149
https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-11-13T23:39:46

Updated: 2024-08-05T02:02:39.866Z

Reserved: 2019-11-13T00:00:00

Link: CVE-2019-18954

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-11-14T00:15:11.017

Modified: 2024-11-21T04:33:54.343

Link: CVE-2019-18954

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-13T23:39:46", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/NetEase/pomelo/issues/1149"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18954", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation", "refsource": "MISC", "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"name": "https://github.com/NetEase/pomelo/issues/1149", "refsource": "MISC", "url": "https://github.com/NetEase/pomelo/issues/1149"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T02:02:39.866Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/NetEase/pomelo/issues/1149"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18954", "datePublished": "2019-11-13T23:39:46", "dateReserved": "2019-11-13T00:00:00", "dateUpdated": "2024-08-05T02:02:39.866Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netease:pomelo:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "F174E06D-AC65-457A-A9A9-CF0808DD6303", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Pomelo v2.2.5 allows external control of critical state data. A malicious user input can corrupt arbitrary methods and attributes in template/game-server/app/servers/connector/handler/entryHandler.js because certain internal attributes can be overwritten via a conflicting name. Hence, a malicious attacker can manipulate internal attributes by adding additional attributes to user input."}, {"lang": "es", "value": "Pomelo versi\u00f3n v2.2.5, permite el control externo de datos cr\u00edticos de estado. Una entrada de usuario maliciosa puede corromper los m\u00e9todos y atributos arbitrarios en el archivo template/game-server/app/servers/connector/handler/entryHandler.js porque ciertos atributos internos pueden ser sobrescritos por medio de un nombre en conflicto. Por lo tanto, un atacante malicioso puede manipular atributos internos al agregar atributos adicionales a la entrada de usuario."}], "id": "CVE-2019-18954", "lastModified": "2024-11-21T04:33:54.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-14T00:15:11.017", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/NetEase/pomelo/issues/1149"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://github.com/NetEase/pomelo/issues/1149"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/cl0udz/vulnerabilities/tree/master/pomelo-critical-state-manipulation"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-668"}], "source": "nvd@nist.gov", "type": "Primary"}]}