CVE-2020-7764 Security Vulnerability & Exploit Details

CVE-2020-7764
Vulnerability Scoring

5.9

/10

Attack Complexity Details

Attack Complexity: HIGH IMPACT
Attack Vector: NETWORK
Privileges Required: None
Scope: UNCHANGED
User Interaction: NONE

CIA Impact Definition

Confidentiality:
Integrity:
Availability: HIGH IMPACT

CVE-2020-7764 Vulnerability Summary

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

Access Complexity Graph for CVE-2020-7764

Impact Analysis for CVE-2020-7764

CVE-2020-7764: Detailed Information and External References

EPSS

0.00105

EPSS %

0.44645

References

0.00105

CWE

CWE-444

CAPEC

0.00105

HTTP Response Smuggling: An adversary manipulates and injects malicious content in the form of secret unauthorized HTTP responses, into a single HTTP response from a vulnerable or compromised back-end HTTP agent (e.g., server). See CanPrecede relationships for possible consequences. Modification/manipulation of HTTP message headers, request-line and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path.
HTTP Request Smuggling: An adversary abuses the flexibility and discrepancies in the parsing and interpretation of HTTP Request messages using various HTTP headers, request-line and body parameters as well as message sizes (denoted by the end of message signaled by a given HTTP header) by different intermediary HTTP agents (e.g., load balancer, reverse proxy, web caching proxies, application firewalls, etc.) to secretly send unauthorized and malicious HTTP requests to a back-end HTTP agent (e.g., web server). See CanPrecede relationships for possible consequences. Modification/manipulation of HTTP message headers, request-line and body parameters to disrupt and interfere in the interpretation and parsing of HTTP message lengths/boundaries for consecutive HTTP messages by HTTP agents in a HTTP chain or network path.

Vulnerable Configurations

cpe:2.3:a:find-my-way_project:find-my-way:-:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:-:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:0.2.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.7.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.10.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.11.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.11.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.12.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.13.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.14.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.14.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.15.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.16.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.17.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.17.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.18.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:1.18.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:find-my-way_project:find-my-way:3.0.4:*:*:*:*:*:*:*

CVSS3 Source

report@snyk.io

CVSS3 Type

Secondary

CVSS3 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Protect Your Infrastructure: Combat Critical CVE Threats

Stay updated with real-time CVE vulnerabilities and take action to secure your systems. Enhance your cybersecurity posture with the latest threat intelligence and mitigation techniques. Develop the skills necessary to defend against CVEs and secure critical infrastructures. Join the top cybersecurity professionals safeguarding today's infrastructures.

CVE-2020-7764: Vulnerability Analysis & Exploit Details

CVE-2020-7764
Vulnerability Scoring

Attack Complexity Details

CIA Impact Definition

CVE-2020-7764 Vulnerability Summary

Access Complexity Graph for CVE-2020-7764

Impact Analysis for CVE-2020-7764

CVE-2020-7764: Detailed Information and External References

References

CWE

CAPEC

Vulnerable Configurations

CVSS3 Source

CVSS3 Type

CVSS3 Vector

Protect Your Infrastructure: Combat Critical CVE Threats

Recently Published CVEs

CVE-2020-7764: Vulnerability Analysis & Exploit Details

CVE-2020-7764 Vulnerability Scoring

Attack Complexity Details

CIA Impact Definition

CVE-2020-7764 Vulnerability Summary

Access Complexity Graph for CVE-2020-7764

Impact Analysis for CVE-2020-7764

CVE-2020-7764: Detailed Information and External References

References

CWE

CAPEC

Vulnerable Configurations

CVSS3 Source

CVSS3 Type

CVSS3 Vector

Protect Your Infrastructure: Combat Critical CVE Threats

Recently Published CVEs

CVE-2020-7764
Vulnerability Scoring