Vulnerability Description
This affects the package find-my-way before 2.2.5, and from 3.0.0 before 3.0.5. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Find-My-Way Project | Find-My-Way | < 2.2.5 |
Related Weaknesses (CWE)
References
- https://github.com/delvedor/find-my-way/commit/ab408354690e6b9cf3c4724befb3b3fa4 (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-FINDMYWAY-1038269 (Third Party Advisory)
FAQ
What is CVE-2020-7764?
CVE-2020-7764 is a vulnerability with a CVSS score of 5.9 (MEDIUM). This affects the package find-my-way before 2.2.5, and from 3.0.0 before 3.0.5. It accepts the Accept-Version header by default, and if versioned routes are not being used, this could lead to a denia...
How severe is CVE-2020-7764?
CVE-2020-7764 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-7764?
Check the references section above for vendor advisories and patch information. Affected products include: Find-My-Way Project Find-My-Way.