Decal Package extend Remote Code Execution


A vulnerability classified as critical was found in Decal Package (affected version unknown). Applying a patch eliminates this problem. The bugfix is available for download at github.com.

| Field | 02/04/2021 06:57 PM | 02/23/2021 03:18 PM |
|---|---|---|
| name | Decal Package | Decal Package |
| function | extend | extend |
| cvss3_vuldb_av | N | N |
| cvss3_vuldb_ac | L | L |
| cvss3_vuldb_pr | N | N |
| cvss3_vuldb_ui | N | N |
| cvss3_vuldb_s | U | U |
| cvss3_vuldb_c | L | L |
| cvss3_vuldb_i | L | L |
| cvss3_vuldb_a | L | L |
| identifier | SNYK-JS-DECAL-1051028 | SNYK-JS-DECAL-1051028 |
| url | https://snyk.io/vuln/SNYK-JS-DECAL-1051028 | https://snyk.io/vuln/SNYK-JS-DECAL-1051028 |
| name | Patch | Patch |
| patch_url | https://github.com/gigafied/decal.js/blob/master/src/utils/extend.js%23L23-L56 | https://github.com/gigafied/decal.js/blob/master/src/utils/extend.js%23L23-L56 |
| cve | CVE-2020-28450 | CVE-2020-28450 |
| date | 1612393200 (02/04/2021) | 1612393200 (02/04/2021) |
| cvss2_vuldb_av | N | N |
| cvss2_vuldb_ac | L | L |
| cvss2_vuldb_au | N | N |
| cvss2_vuldb_ci | P | P |
| cvss2_vuldb_ii | P | P |
| cvss2_vuldb_ai | P | P |
| cvss2_vuldb_e | ND | ND |
| cvss2_vuldb_rl | ND | ND |
| cvss2_vuldb_rc | ND | ND |
| cvss3_vuldb_e | X | X |
| cvss3_vuldb_rl | X | X |
| cvss3_vuldb_rc | X | X |
| cvss2_vuldb_basescore | 7.5 | 7.5 |
| cvss2_vuldb_tempscore | 7.5 | 7.5 |
| cvss3_vuldb_basescore | 7.3 | 7.3 |
| cvss3_vuldb_tempscore | 7.3 | 7.3 |
| cvss3_meta_basescore | 7.3 | 7.3 |
| cvss3_meta_tempscore | 7.3 | 7.3 |
| price_0day | $0-$5k | $0-$5k |
cve_assigned: 1605135600

cve_nvd_summary: This affects all versions of package decal. The vulnerability is in the extend function.
