CVE-2020-36649

A vulnerability was found in mholt PapaParse up to 5.1.x. It has been classified as problematic. Affected is an unknown function of the file papaparse.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 5.2.0 is able to address this issue. The name of the patch is 235a12758cd77266d2e98fd715f53536b34ad621. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-218004.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 LOW
ADJACENT_NETWORK
LOW
LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
VulDBCNA
3.5 LOW
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 24%
VendorProductVersion
papaparsepapaparse
5.1.0 ≤
𝑥
< 5.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mediawiki
bullseye
1:1.35.13-1+deb11u2
fixed
buster
not-affected
bullseye (security)
1:1.35.13-1+deb11u3
fixed
bookworm
1:1.39.7-1~deb12u1
fixed
bookworm (security)
1:1.39.10-1~deb12u1
fixed
sid
1:1.39.10-1
fixed
trixie
1:1.39.10-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mediawiki
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
ignored
trusty
ignored
Common Weakness Enumeration
References
https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
https://github.com/mholt/PapaParse/issues/777
https://github.com/mholt/PapaParse/pull/779
https://github.com/mholt/PapaParse/releases/tag/5.2.0
https://vuldb.com/?ctiid.218004
https://vuldb.com/?id.218004
https://github.com/mholt/PapaParse/commit/235a12758cd77266d2e98fd715f53536b34ad621
https://github.com/mholt/PapaParse/issues/777
https://github.com/mholt/PapaParse/pull/779
https://github.com/mholt/PapaParse/releases/tag/5.2.0
https://vuldb.com/?ctiid.218004
https://vuldb.com/?id.218004