Lucene search

MitreCVE-2020-23260

HistoryApr 04, 2023 - 3:15 p.m.

CVE-2020-23260

2023-04-0415:15:08

CWE-787

mitre

web.nvd.nist.gov

cve-2020-23260

jsish

denial of service

nvd

security issue

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.

Affected configurations

Nvd

Node

jsishjsishRange≤3.0.11

VendorProductVersionCPE
jsishjsish*cpe:2.3:a:jsish:jsish:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jsish	jsish	*	cpe:2.3:a:jsish:jsish::::::::

References

github.com/pcmacdon/jsish/issues/14

jsish.org/fossil/jsi2/tktview?name=3e211e44b1

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.3

Confidence

High

EPSS

0.001

Percentile

40.0%

JSON

Related for CVE-2020-23260