CVE-2020-27996

Sažetak

An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.

Reference

https://github.com/smartstore/SmartStoreNET/commit/8702c6140f4fc91956ef35dba12d24492fb3f768
https://github.com/smartstore/SmartStoreNET/compare/4.0.0...4.0.1
https://securitylab.github.com/advisories/GHSL-2020-138-139-SmartstoreAG-SmartStoreNET

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-03-2021 - 20:09

Objavljeno

29-10-2020 - 18:15