Search criteria
2 vulnerabilities by datatables
CVE-2021-23445 (GCVE-0-2021-23445)
Vulnerability from cvelistv5 – Published: 2021-09-27 16:35 – Updated: 2024-09-16 18:39
VLAI
Title
Cross-site Scripting (XSS)
Summary
This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- Cross-site Scripting (XSS)
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | datatables.net |
Affected:
unspecified , < 1.11.3
(custom)
|
Date Public
2021-09-27 00:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-23445",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T19:14:48.651246Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T19:14:56.106Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.898Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
},
{
"tags": [
"x_transferred"
],
"url": "https://cdn.datatables.net/1.11.3/"
},
{
"name": "[debian-lts-announce] 20230815 [SECURITY] [DLA 3529-1] datatables.js security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "datatables.net",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.11.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera of Snyk Research Team"
}
],
"datePublic": "2021-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitCodeMaturity": "PROOF_OF_CONCEPT",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"remediationLevel": "NOT_DEFINED",
"reportConfidence": "NOT_DEFINED",
"scope": "UNCHANGED",
"temporalScore": 3,
"temporalSeverity": "LOW",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site Scripting (XSS)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:03.224Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1540544"
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1715371"
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1715376"
},
{
"url": "https://github.com/DataTables/Dist-DataTables/commit/59a8d3f8a3c1138ab08704e783bc52bfe88d7c9b"
},
{
"url": "https://cdn.datatables.net/1.11.3/"
},
{
"name": "[debian-lts-announce] 20230815 [SECURITY] [DLA 3529-1] datatables.js security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00018.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "Cross-site Scripting (XSS)"
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2021-23445",
"datePublished": "2021-09-27T16:35:18.234Z",
"dateReserved": "2021-01-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:39:20.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-28458 (GCVE-0-2020-28458)
Vulnerability from cvelistv5 – Published: 2020-12-16 10:35 – Updated: 2024-09-16 23:22
VLAI
Title
Prototype Pollution
Summary
All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.
Severity
7.3 (High)
CWE
- Prototype Pollution
Assigner
References
7 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | datatables.net |
Affected:
0 , < unspecified
(custom)
|
Date Public
2020-12-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:40:58.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"
},
{
"tags": [
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "datatables.net",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alessio Della Libera (d3lla)"
}
],
"datePublic": "2020-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-21T19:07:12.415Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402"
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961"
},
{
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962"
},
{
"url": "https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766"
},
{
"url": "https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
}
],
"title": "Prototype Pollution"
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-28458",
"datePublished": "2020-12-16T10:35:20.456Z",
"dateReserved": "2020-11-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:22:14.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}