CVE-2017-20160

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2017-20160

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20160.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2017-20160

Aliases

GHSA-fr54-72wr-cqvq

Published

2022-12-31T20:15:08.693Z

Modified

2026-04-02T00:09:08.435872Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. The identifier of the patch is db94f7391ad0a16dcfcba8b9be1af385b25c42db. It is recommended to upgrade the affected component. The identifier VDB-217149 was assigned to this vulnerability.

References

Affected packages

Git / github.com/flitto/express-param

Affected ranges

Type

GIT

Repo

https://github.com/flitto/express-param

Events

Introduced

Fixed

117b73edbc32e5f182fd99eb617e2eb140efa46a

Fixed

db94f7391ad0a16dcfcba8b9be1af385b25c42db

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.0"
        }
    ]
}

Affected versions

0.*

0.1

0.1.1

0.2.0

0.3.0

0.4

0.5

0.5.1

0.5.2

0.5.3

0.5.8

0.7.5

0.8.0

0.8.1

Other

addCntry

addDescription

addIpInfo

emptyObj

extraOpt

modifyGeoAssign

modifyVersion

realHotfix

setReqVal

undefinedParam

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-20160.json"