What is CVE-2017-20160?

CVE-2017-20160 is a medium-severity vulnerability in Flitto Express-param, classified under CWE-235. CVSS score: 6.3/10. Published 2022-12-31.

How severe is CVE-2017-20160?

Medium severity. CVSS v3 base score is 6.3 out of 10.

Vulnerability in Flitto Express-param

CVE-2017-20160

A vulnerability was found in flitto express-param up to 0.x. It has been classified as critical. This affects an unknown part of the file lib/fetchParams.js. The manipulation leads to improper handling of extra parameters. It is possible t…

EPSS: 0.006 (69.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

Flitto Express-param — versions 0.x

Weakness classification (CWE)

CWE-235

References

vuldb.com/ (technical-description, vdb-entry)
vuldb.com/ (signature, permissions-required)
github.com/flitto/express-param/pull/19 (issue-tracking)
github.com/flitto/express-param/commit/db94f7391ad0a16dcfcba8b9be1af385b25c42db (patch)
github.com/flitto/express-param/releases/tag/1.0.0 (patch)

Frequently asked questions

What is CVE-2017-20160?: CVE-2017-20160 is a medium-severity vulnerability in Flitto Express-param, classified under CWE-235. CVSS score: 6.3/10. Published 2022-12-31.
How severe is CVE-2017-20160?: Medium severity. CVSS v3 base score is 6.3 out of 10.