CVE-2020-35579

Published: Dic 20, 2020 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2020-23245 Aliases: GSD-2020-35579
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
MEDIUM 5,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: none
Integrity: none
Availability: partial

Description

AI Translation Available

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and a denial of service may occur.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0043
Percentile
0,6th
Updated

EPSS Score Trend (Last 91 Days)

Application

Subconverter by Subconverter Project

Product Information
Vendor Subconverter Project
Product Subconverter
Version 0.6.4
cpe:2.3:a:subconverter_project:subconverter:0.6.4:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/tindy2013/subconverter/issues/284
Exploit Third Party Advisory
https://github.com/tindy2013/subconverter/issues/284
https://github.com/tindy2013/subconverter/issues/284
Exploit Third Party Advisory
https://github.com/tindy2013/subconverter/issues/284