CVE-2020-35774

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-35774
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-35774.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-35774
Aliases
Published
2020-12-29T18:15:13Z
Modified
2024-05-14T07:35:15.375178Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.

References

Affected packages

Git / github.com/twitter/twitter-server

Affected ranges

Type
GIT
Repo
https://github.com/twitter/twitter-server
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

twitter-server-1.*

twitter-server-1.10.0
twitter-server-1.11.0
twitter-server-1.12.0
twitter-server-1.13.0
twitter-server-1.14.0
twitter-server-1.15.0
twitter-server-1.16.0
twitter-server-1.18.0
twitter-server-1.19.0
twitter-server-1.20.0
twitter-server-1.21.0
twitter-server-1.22.0
twitter-server-1.23.0
twitter-server-1.24.0
twitter-server-1.25.0
twitter-server-1.26.0
twitter-server-1.27.0
twitter-server-1.28.0
twitter-server-1.29.0
twitter-server-1.30.0
twitter-server-1.31.0
twitter-server-1.32.0
twitter-server-1.9.0

twitter-server-17.*

twitter-server-17.10.0
twitter-server-17.11.0
twitter-server-17.12.0

twitter-server-18.*

twitter-server-18.1.0
twitter-server-18.10.0
twitter-server-18.11.0
twitter-server-18.12.0
twitter-server-18.2.0
twitter-server-18.3.0
twitter-server-18.4.0
twitter-server-18.5.0
twitter-server-18.6.0
twitter-server-18.7.0
twitter-server-18.8.0
twitter-server-18.9.0
twitter-server-18.9.1

twitter-server-19.*

twitter-server-19.1.0
twitter-server-19.10.0
twitter-server-19.11.0
twitter-server-19.12.0
twitter-server-19.2.0
twitter-server-19.3.0
twitter-server-19.4.0
twitter-server-19.5.0
twitter-server-19.5.1
twitter-server-19.6.0
twitter-server-19.7.0
twitter-server-19.8.0
twitter-server-19.9.0

twitter-server-20.*

twitter-server-20.1.0
twitter-server-20.10.0
twitter-server-20.3.0
twitter-server-20.4.0
twitter-server-20.4.1
twitter-server-20.5.0
twitter-server-20.6.0
twitter-server-20.7.0
twitter-server-20.8.0
twitter-server-20.8.1
twitter-server-20.9.0

version-1.*

version-1.25.0