Home > Vulnerability Database > CVE-2020-36661

Mend.io Vulnerability Database

CVE-2020-36661

Good to know:

Date: February 12, 2023

A vulnerability was found in Kong lua-multipart 0.5.8-1. It has been declared as problematic. This vulnerability affects the function is_header of the file src/multipart.lua. The manipulation leads to inefficient regular expression complexity. Upgrading to version 0.5.9-1 is able to address this issue. The patch is identified as d632e5df43a2928fd537784a99a79dec288bf01b. It is recommended to upgrade the affected component. VDB-220642 is the identifier assigned to this vulnerability.

Language: LUA

Severity Score

7.5

Related Resources (7)

Url: https://github.com/Kong/lua-multipart/pull/34

Url: https://vuldb.com/?id.220642

Url: https://github.com/Kong/lua-multipart/releases/tag/0.5.9-1

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-36661

Url: https://vuldb.com/?ctiid.220642

Url: https://github.com/Kong/lua-multipart/commit/d632e5df43a2928fd537784a99a79dec288bf01b

Url: https://www.mend.io/vulnerability-database/CVE-2020-36661

Severity Score

7.5

Weakness Type (CWE)

Inefficient Regular Expression Complexity

CWE-1333

Top Fix

Upgrade Version

Upgrade to version 0.5.9-1

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	2.7
Access Vector (AV):	ADJACENT
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-36661

Good to know:

Date: February 12, 2023

Language: LUA

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?