Prototype Pollution
CVE-2020-28458

7.3HIGH

Key Information:

Vendor: Datatables
Status: Datatables.net
Vendor: CVE Published:; 16 December 2020

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2020-28458?

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

Affected Version(s)

datatables.net 0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-28458
Created by fazilbaig1

References

https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 19, 2024
👾
Exploit known to exist
Oct 19, 2024
Vulnerability published
Dec 16, 2020
Vulnerability Reserved
Nov 12, 2020

Credit

Alessio Della Libera (d3lla)

JSON

Datatables