CVE-2019-10790

taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450
https://snyk.io/vuln/SNYK-JS-TAFFY-546521	Exploit Third Party Advisory
https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450
https://snyk.io/vuln/SNYK-JS-TAFFY-546521	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:taffydb:taffy:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 04:19

Type	Values Removed	Values Added
References	~~() https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450 -~~	() https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450 -
References	~~() https://snyk.io/vuln/SNYK-JS-TAFFY-546521 - Exploit, Third Party Advisory~~	() https://snyk.io/vuln/SNYK-JS-TAFFY-546521 - Exploit, Third Party Advisory

Information

Published : 2020-02-17 20:15

Updated : 2024-11-21 04:19

NVD link : CVE-2019-10790

Mitre link : CVE-2019-10790

CVE.ORG link : CVE-2019-10790

JSON object : View

Products Affected

taffydb

taffy

CWE

CWE-668

Exposure of Resource to Wrong Sphere

{"id": "CVE-2019-10790", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-02-17T20:15:10.943", "references": [{"url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450", "source": "report@snyk.io"}, {"url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521", "tags": ["Exploit", "Third Party Advisory"], "source": "report@snyk.io"}, {"url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-668"}]}], "descriptions": [{"lang": "en", "value": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB."}, {"lang": "es", "value": "taffy versiones hasta 2.6.2, permite a atacantes forjar la incorporaci\u00f3n de propiedades adicionales en la entrada del usuario procesada por taffy que puede permitir el acceso a cualquiera de los elementos de datos en la base de datos. taffy establece un \u00edndice interno para cada elemento de datos en su base de datos. Sin embargo, se encuentra que el \u00edndice interno puede ser falsificado agregando propiedades adicionales en la entrada del usuario. Si el \u00edndice se encuentra en la consulta, taffyDB ignorar\u00e1 otras condiciones de consulta y devolver\u00e1 directamente el elemento de datos indexado. Adem\u00e1s, el \u00edndice interno est\u00e1 en un formato f\u00e1cil de adivinar (por ejemplo, T000002R000001). Como tal, los atacantes pueden utilizar esta vulnerabilidad para acceder a cualquier elemento de datos en la base de datos."}], "lastModified": "2024-11-21T04:19:55.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:taffydb:taffy:*:*:*:*:*:node.js:*:*", "vulnerable": true, "matchCriteriaId": "E97730C5-F4C0-443D-A291-8979923310A5", "versionEndIncluding": "2.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "report@snyk.io"}