CVE-2020-36625

22.12.2022, 10:15

A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

CSRF

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
VulDB	CNA	4.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CISA-ADP	ADP	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 33%

Vendor	Product	Version
destiny	chat	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

References

https://github.com/destinygg/chat/commit/bebd256fc3063111fb4503ca25e005ebf6e73780

https://github.com/destinygg/chat/pull/35

https://vuldb.com/?id.216521

https://github.com/destinygg/chat/commit/bebd256fc3063111fb4503ca25e005ebf6e73780

https://github.com/destinygg/chat/pull/35

https://vuldb.com/?id.216521