Vulnerability Name:

CVE-2020-7753 (CCN-190630)

Assigned:2020-10-27
Published:2020-10-27
Updated:2022-04-26
Summary:All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
CVSS v3 Severity:7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:R)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): High
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Complete
Vulnerability Type:CWE-400
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2020-7753

Source: XF
Type: UNKNOWN
trim-cve20207753-dos(190630)

Source: CCN
Type: trim GIT Repository
trim

Source: MISC
Type: Broken Link, Third Party Advisory
https://github.com/component/trim/blob/master/index.js%23L6

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210511 [GitHub] [airflow] ryanahamilton commented on pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210511 [GitHub] [airflow] kaxil closed pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210511 [GitHub] [airflow] kaxil opened a new pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210511 [GitHub] [airflow] github-actions[bot] commented on pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``

Source: MLIST
Type: Mailing List, Third Party Advisory
[airflow-commits] 20210511 [GitHub] [airflow] ryanahamilton closed pull request #15782: Bump ``trim`` to fix ``CVE-2020-7753``

Source: MISC
Type: Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1022132

Source: CCN
Type: SNYK-JS-TRIM-1017038
Regular Expression Denial of Service (ReDoS)

Source: MISC
Type: Exploit, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-TRIM-1017038

Source: CCN
Type: IBM Security Bulletin 6612727 (Cloud Pak System Software)
Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6838293 (QRadar Assistant)
IBM QRadar Assistant app for IBM QRadar SIEM includes components with multiple known vulnerabilities

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-7753

Vulnerable Configuration:Configuration 1:
  • cpe:/a:trim_project:trim:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:8169
    P
    Security update for SUSE Manager Client Tools (Important)
    2023-06-21
    BACK
    trim_project trim *