CVE-2020-7777 - OpenCVE

This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jsen Project	Jsen

Configuration 1 [-]

cpe:2.3:a:jsen_project:jsen:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875
https://snyk.io/vuln/SNYK-JS-JSEN-1014670

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-11-23T15:40:15.585078Z

Updated: 2024-09-17T01:01:16.176Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7777

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-11-23T16:15:13.603

Modified: 2020-12-03T20:48:30.380

Link: CVE-2020-7777

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "jsen", "vendor": "n/a", "versions": [{"lessThan": "unspecified", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Alessio Della Libera (d3lla)"}], "datePublic": "2020-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitCodeMaturity": "PROOF_OF_CONCEPT", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "remediationLevel": "UNAVAILABLE", "reportConfidence": "CONFIRMED", "scope": "UNCHANGED", "temporalScore": 6.8, "temporalSeverity": "MEDIUM", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"description": "Arbitrary Code Execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-11-23T15:40:15", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"}], "title": "Arbitrary Code Execution", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "DATE_PUBLIC": "2020-11-23T15:39:43.075632Z", "ID": "CVE-2020-7777", "STATE": "PUBLIC", "TITLE": "Arbitrary Code Execution"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "jsen", "version": {"version_data": [{"version_affected": ">=", "version_value": "0"}]}}]}, "vendor_name": "n/a"}]}}, "credit": [{"lang": "eng", "value": "Alessio Della Libera (d3lla)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Arbitrary Code Execution"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"}, {"name": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875", "refsource": "MISC", "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:41:01.608Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7777", "datePublished": "2020-11-23T15:40:15.585078Z", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-09-17T01:01:16.176Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jsen_project:jsen:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "513CE3A9-7F6B-4FDE-A248-7F160B474D48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution."}, {"lang": "es", "value": "Esto afecta a todas las versiones del paquete jsen. Si un atacante puede controlar el archivo de esquema, podr\u00eda ejecutar c\u00f3digo JavaScript arbitrario en la m\u00e1quina v\u00edctima. En la descripci\u00f3n del m\u00f3dulo y el archivo README no son mencionados los riesgos de los archivos de esquema que no son confiables, as\u00ed que supongo que esto es aplicable. En particular, el campo requerido del esquema no es saneado apropiadamente. La cadena resultante que es construida seg\u00fan la definici\u00f3n del esquema es pasada luego a una funci\u00f3n Function.apply();, conllevando a una Ejecuci\u00f3n de C\u00f3digo Arbitraria"}], "id": "CVE-2020-7777", "lastModified": "2020-12-03T20:48:30.380", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "report@snyk.io", "type": "Primary"}]}, "published": "2020-11-23T16:15:13.603", "references": [{"source": "report@snyk.io", "tags": ["Broken Link"], "url": "https://github.com/bugventure/jsen/blob/master/lib/jsen.js%23L875"}, {"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-JSEN-1014670"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}