UBUNTU-CVE-2020-36632

Source
https://ubuntu.com/security/CVE-2020-36632
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-36632.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2020-36632
Published
2022-12-25T20:15:00Z
Modified
2025-04-23T15:07:06Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

A vulnerability classified as critical was found in hughsk flat up to 5.0.0. It affects the function unflatten in the file index.js. Manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The attack can be initiated remotely. Upgrading to version 5.0.1 addresses this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.

Affected packages

Ubuntu:22.04:LTS / qt6-webengine

Package

Name
qt6-webengine
Purl
pkg:deb/ubuntu/qt6-webengine@6.2.4+dfsg-6ubuntu1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.2.2+dfsg-6ubuntu2
6.2.4+dfsg-1ubuntu1
6.2.4+dfsg-1ubuntu2
6.2.4+dfsg-6ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / qt6-webengine

Package

Name
qt6-webengine
Purl
pkg:deb/ubuntu/qt6-webengine@6.6.2+dfsg-5ubuntu2?arch=source&distro=oracular

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.4.2-final+dfsg-12ubuntu9
6.6.2+dfsg-3
6.6.2+dfsg-4
6.6.2+dfsg-5ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / qt6-webengine

Package

Name
qt6-webengine
Purl
pkg:deb/ubuntu/qt6-webengine@6.4.2-final+dfsg-12ubuntu9?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.4.2-final+dfsg-11
6.4.2-final+dfsg-12
6.4.2-final+dfsg-12build1
6.4.2-final+dfsg-12ubuntu1
6.4.2-final+dfsg-12ubuntu7
6.4.2-final+dfsg-12ubuntu9

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / qt6-webengine

Package

Name
qt6-webengine
Purl
pkg:deb/ubuntu/qt6-webengine@6.8.3+dfsg-0ubuntu1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

6.*

6.6.2+dfsg-5ubuntu2
6.7.2+dfsg-5
6.7.2+dfsg-8
6.8.1+dfsg-0ubuntu1
6.8.2+dfsg-0ubuntu2
6.8.2+dfsg-3fakesync1
6.8.3+dfsg-0ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}