CVE-2020-7764

Summary

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

Affected Software

VendorProductVersion RangeStatus
n/afind-my-wayunspecified < 2.2.5affected
n/afind-my-way3.0.0 < unspecifiedaffected
n/afind-my-wayunspecified < 3.0.5affected

Weaknesses

  • Web Cache Poisoning

ADP Enrichment

CVE Program Container

Additional References

References