| Advisory
Products
MOOLE SCA
Continuous visibility into open-source risk
MOOLE Container Security
End-to-end container defense across the SDLC
MOOLE SAST
Static application security testing for source code
About Us
CVE-2020-7689
Vulnerability Database
npm
CVE-2020-7689
Base Score
HIGH
7.5
CVE-2020-7689
Data is truncated wrong when its length is greater than 255 bytes.
Vector
NETWORK
Published By
report@snyk.io
Published Date
Jul 01, 2020, 14:15
Affected Versions
(1)
bcrypt
(npm)
Introduced
0
Fixed
5.0.0
Limit
N/A
Package (Ecosystem)
Introduced
Fixed
Limit
bcrypt
(npm)
0
5.0.0
N/A
Weakness Type (CWE)
:
CWE-190
CVSS Metrics
CVSS v3.1
CVSS v2
Base Score
7.5
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Severity
HIGH
Version
3.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
NONE
Integrity (I)
HIGH
Availability (A)
NONE
References
https://github.com/kelektiv/node.bcrypt.js/issues/776
https://github.com/kelektiv/node.bcrypt.js/pull/806
https://github.com/kelektiv/node.bcrypt.js/pull/807
https://snyk.io/vuln/SNYK-JS-BCRYPT-572911
Base Score
HIGH
7.5
Weakness Type (CWE)
:
CWE-190
CVSS Metrics
CVSS v3.1
CVSS v2
Base Score
7.5
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Severity
HIGH
Version
3.1
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality (C)
NONE
Integrity (I)
HIGH
Availability (A)
NONE
