CVE-2020-5241 - Vulnerability Details

Vendors	Products
Matestack	Ui-core

Link	Providers
https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "matestack-ui-core", "vendor": "matestack", "versions": [{"status": "affected", "version": "< 0.7.4"}]}], "descriptions": [{"lang": "en", "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T23:40:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"}], "source": {"advisory": "GHSA-3jqw-vv45-mjhh", "discovery": "UNKNOWN"}, "title": "XSS/Script injection vulnerability in matestack", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-5241", "STATE": "PUBLIC", "TITLE": "XSS/Script injection vulnerability in matestack"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "matestack-ui-core", "version": {"version_data": [{"version_value": "< 0.7.4"}]}}]}, "vendor_name": "matestack"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}]}]}, "references": {"reference_data": [{"name": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh", "refsource": "CONFIRM", "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"}]}, "source": {"advisory": "GHSA-3jqw-vv45-mjhh", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:22:09.024Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-5241", "datePublished": "2020-02-12T23:40:11", "dateReserved": "2020-01-02T00:00:00", "dateUpdated": "2024-08-04T08:22:09.024Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : matestack-ui-core (string)

vendor : matestack (string)

versions : [ »

0 : { »

status : affected (string)

version : < 0.7.4 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4. (string)

}

]

metrics : [ »

0 : { »

cvssV3_1 : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N (string)

version : 3.1 (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-80 (string)

description : CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2020-02-12T23:40:11 (string)

orgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

shortName : GitHub_M (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

}

]

source : { »

advisory : GHSA-3jqw-vv45-mjhh (string)

discovery : UNKNOWN (string)

}

title : XSS/Script injection vulnerability in matestack (string)

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : security-advisories@github.com (string)

ID : CVE-2020-5241 (string)

STATE : PUBLIC (string)

TITLE : XSS/Script injection vulnerability in matestack (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : matestack-ui-core (string)

version : { »

version_data : [ »

0 : { »

version_value : < 0.7.4 (string)

}

]

}

]

}

vendor_name : matestack (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4. (string)

}

]

}

impact : { »

cvss : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N (string)

version : 3.1 (string)

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

refsource : CONFIRM (string)

url : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

}

]

}

source : { »

advisory : GHSA-3jqw-vv45-mjhh (string)

discovery : UNKNOWN (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-04T08:22:09.024Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : a0819718-46f1-4df5-94e2-005712e83aaa (string)

assignerShortName : GitHub_M (string)

cveId : CVE-2020-5241 (string)

datePublished : 2020-02-12T23:40:11 (string)

dateReserved : 2020-01-02T00:00:00 (string)

dateUpdated : 2024-08-04T08:22:09.024Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:matestack:ui-core:*:*:*:*:*:ruby:*:*", "matchCriteriaId": "90597F30-4CFD-4629-A64C-20EC9D6407C9", "versionEndExcluding": "0.7.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4."}, {"lang": "es", "value": "matestack-ui-core (RubyGem) versiones anteriores a 0.7.4, es vulnerable a un ataque de tipo XSS y a una inyecci\u00f3n de Script. Esta vulnerabilidad est\u00e1 parchada en la versi\u00f3n 0.7.4."}], "id": "CVE-2020-5241", "lastModified": "2024-11-21T05:33:44.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-13T00:15:11.497", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-80"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:matestack:ui-core:*:*:*:*:*:ruby:*:* (string)

matchCriteriaId : 90597F30-4CFD-4629-A64C-20EC9D6407C9 (string)

versionEndExcluding : 0.7.4 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script injection. This vulnerability is patched in version 0.7.4. (string)

}

1 : { »

lang : es (string)

value : matestack-ui-core (RubyGem) versiones anteriores a 0.7.4, es vulnerable a un ataque de tipo XSS y a una inyección de Script. Esta vulnerabilidad está parchada en la versión 0.7.4. (string)

}

]

id : CVE-2020-5241 (string)

lastModified : 2024-11-21T05:33:44.803 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : LOW (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : NONE (string)

baseScore : 3.5 (number)

confidentialityImpact : NONE (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:S/C:N/I:P/A:N (string)

version : 2.0 (string)

}

exploitabilityScore : 6.8 (number)

impactScore : 2.9 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : true (boolean)

}

]

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : HIGH (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 7.7 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 1.3 (number)

impactScore : 5.8 (number)

source : security-advisories@github.com (string)

type : Secondary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : NONE (string)

baseScore : 5.4 (number)

baseSeverity : MEDIUM (string)

confidentialityImpact : LOW (string)

integrityImpact : LOW (string)

privilegesRequired : LOW (string)

scope : CHANGED (string)

userInteraction : REQUIRED (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (string)

version : 3.1 (string)

}

exploitabilityScore : 2.3 (number)

impactScore : 2.7 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2020-02-13T00:15:11.497 (string)

references : [ »

0 : { »

source : security-advisories@github.com (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://github.com/matestack/matestack-ui-core/security/advisories/GHSA-3jqw-vv45-mjhh (string)

}

]

sourceIdentifier : security-advisories@github.com (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-80 (string)

}

]

source : security-advisories@github.com (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-79 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object