CVE-2020-28458 — HIGH (7.3)

Q: What is CVE-2020-28458?

CVE-2020-28458 is a vulnerability with a CVSS score of 7.3 (HIGH). All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

Q: How severe is CVE-2020-28458?

CVE-2020-28458 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-28458?

Check the references section above for vendor advisories and patch information. Affected products include: Datatables Datatables.Net.

Vulnerability Description

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

CVSS Score

7.3

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Datatables	Datatables.Net	< 1.10.23

Related Weaknesses (CWE)

CWE-1321

References

https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af16PatchThird Party Advisory
https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.jBroken LinkThird Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806ExploitThird Party Advisory
https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af16PatchThird Party Advisory
https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.jBroken LinkThird Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806ExploitThird Party Advisory

FAQ

What is CVE-2020-28458?

CVE-2020-28458 is a vulnerability with a CVSS score of 7.3 (HIGH). All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

How severe is CVE-2020-28458?

CVE-2020-28458 has been rated HIGH with a CVSS base score of 7.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-28458?

Check the references section above for vendor advisories and patch information. Affected products include: Datatables Datatables.Net.