CVE-2019-10790 (GCVE-0-2019-10790)

Vulnerability from cvelistv5 – Published: 2020-02-17 00:00 – Updated: 2024-08-04 22:32
VLAI?
Summary
taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.
Severity ?
No CVSS data available.
CWE
  • Authorization Bypass Through User-Controlled Key
Assigner
References
Impacted products
Vendor Product Version
n/a taffy npm module Affected: All versions including 2.6.2
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:32:01.575Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "taffy npm module",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions including 2.6.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-17T00:00:00",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "url": "https://snyk.io/vuln/SNYK-JS-TAFFY-546521"
        },
        {
          "url": "https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2019-10790",
    "datePublished": "2020-02-17T00:00:00",
    "dateReserved": "2019-04-03T00:00:00",
    "dateUpdated": "2024-08-04T22:32:01.575Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:taffydb:taffy:*:*:*:*:*:node.js:*:*\", \"versionEndIncluding\": \"2.6.2\", \"matchCriteriaId\": \"E97730C5-F4C0-443D-A291-8979923310A5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.\"}, {\"lang\": \"es\", \"value\": \"taffy versiones hasta 2.6.2, permite a atacantes forjar la incorporaci\\u00f3n de propiedades adicionales en la entrada del usuario procesada por taffy que puede permitir el acceso a cualquiera de los elementos de datos en la base de datos. taffy establece un \\u00edndice interno para cada elemento de datos en su base de datos. Sin embargo, se encuentra que el \\u00edndice interno puede ser falsificado agregando propiedades adicionales en la entrada del usuario. Si el \\u00edndice se encuentra en la consulta, taffyDB ignorar\\u00e1 otras condiciones de consulta y devolver\\u00e1 directamente el elemento de datos indexado. Adem\\u00e1s, el \\u00edndice interno est\\u00e1 en un formato f\\u00e1cil de adivinar (por ejemplo, T000002R000001). Como tal, los atacantes pueden utilizar esta vulnerabilidad para acceder a cualquier elemento de datos en la base de datos.\"}]",
      "id": "CVE-2019-10790",
      "lastModified": "2024-11-21T04:19:55.603",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-02-17T20:15:10.943",
      "references": "[{\"url\": \"https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450\", \"source\": \"report@snyk.io\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-TAFFY-546521\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://snyk.io/vuln/SNYK-JS-TAFFY-546521\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "report@snyk.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-668\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-10790\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2020-02-17T20:15:10.943\",\"lastModified\":\"2024-11-21T04:19:55.603\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"taffydb npm module, vulnerable in all versions up to and including 2.7.3, allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properties into user-input. If index is found in the query, taffyDB will ignore other query conditions and directly return the indexed data item. Moreover, the internal index is in an easily-guessable format (e.g., T000002R000001). As such, attackers can use this vulnerability to access any data items in the DB.\"},{\"lang\":\"es\",\"value\":\"taffy versiones hasta 2.6.2, permite a atacantes forjar la incorporaci\u00f3n de propiedades adicionales en la entrada del usuario procesada por taffy que puede permitir el acceso a cualquiera de los elementos de datos en la base de datos. taffy establece un \u00edndice interno para cada elemento de datos en su base de datos. Sin embargo, se encuentra que el \u00edndice interno puede ser falsificado agregando propiedades adicionales en la entrada del usuario. Si el \u00edndice se encuentra en la consulta, taffyDB ignorar\u00e1 otras condiciones de consulta y devolver\u00e1 directamente el elemento de datos indexado. Adem\u00e1s, el \u00edndice interno est\u00e1 en un formato f\u00e1cil de adivinar (por ejemplo, T000002R000001). Como tal, los atacantes pueden utilizar esta vulnerabilidad para acceder a cualquier elemento de datos en la base de datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-668\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:taffydb:taffy:*:*:*:*:*:node.js:*:*\",\"versionEndIncluding\":\"2.6.2\",\"matchCriteriaId\":\"E97730C5-F4C0-443D-A291-8979923310A5\"}]}]}],\"references\":[{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450\",\"source\":\"report@snyk.io\"},{\"url\":\"https://snyk.io/vuln/SNYK-JS-TAFFY-546521\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://security.snyk.io/vuln/SNYK-JS-TAFFYDB-2992450\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://snyk.io/vuln/SNYK-JS-TAFFY-546521\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.