Moderate severityNVD Advisory· Published Nov 8, 2020· Updated Sep 17, 2024
Web Cache Poisoning
CVE-2020-7764
Description
This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
find-my-waynpm | < 2.2.5 | 2.2.5 |
find-my-waynpm | >= 3.0.0, < 3.0.5 | 3.0.5 |
Affected products
2- find-my-way/find-my-waydescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-jgrh-5m3h-9c5fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7764ghsaADVISORY
- github.com/delvedor/find-my-way/commit/ab408354690e6b9cf3c4724befb3b3fa4bb90aacghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-FINDMYWAY-1038269ghsax_refsource_MISCWEB
- www.npmjs.com/package/find-my-wayghsaWEB
News mentions
0No linked articles in our index yet.