CVE-2020-7660

Aliases:GHSA-hxcc-f52p-wc94
Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 01 Jun 2020, 14:50
Last modified:04 Aug 2024, 09:33

Vulnerability Summary

Overall Risk (default)
medium
33/100
CVSS Score
8.1 HIGH
v3.1 (nvd)
EPSS Score
2.9% LOW
3% probability +0.55%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

01 Jun 2020, 14:50
Published
Vulnerability first disclosed
04 Aug 2024, 09:33
Last Modified
Vulnerability information updated

Description

serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the function "deleteFunctions" within "index.js".

CVSS Metrics

  • v3.1HIGHScore: 8.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • v2.0MEDIUMScore: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 2.90% Percentile: 87%

Techniques & Countermeasures

  • CWE-502Deserialization of Untrusted Data

    The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

Affected Systems

  • Npmserialize-javascript

    < 3.1.0

  • verizonserialize-javascript

    < 3.1.0

References (3)