Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3MjYtM3ZnOS1jcDM0
Missing Authorization in FastReport
An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.
Permalink: https://github.com/advisories/GHSA-v726-3vg9-cp34JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3MjYtM3ZnOS1jcDM0
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 2 years ago
Updated: about 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-v726-3vg9-cp34, CVE-2020-27998
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-27998
- https://github.com/FastReports/FastReport/pull/206
- https://github.com/FastReports/FastReport/compare/v2020.3.0...v2020.4.0
- https://opensource.fast-report.com/2020/09/report-script-security.html
- https://securitylab.github.com/advisories/GHSL-2020-143-FastReportsInc-FastReports
- https://github.com/advisories/GHSA-v726-3vg9-cp34
Blast Radius: 1.0
Affected Packages
nuget:FastReport.OpenSource
Dependent packages: 0Dependent repositories: 0
Downloads: 1,382,001 total
Affected Version Ranges: < 2020.4.0
Fixed in: 2020.4.0
All affected versions: 2018.4.7, 2018.4.9, 2018.4.16, 2019.1.0, 2019.1.20, 2019.2.0, 2019.3.0, 2019.3.13, 2019.3.19, 2020.1.20, 2020.1.25, 2020.1.28, 2020.2.0, 2020.2.9, 2020.3.0, 2020.3.1, 2020.3.4, 2020.3.10, 2020.3.14, 2020.3.17, 2020.3.21, 2020.3.22
All unaffected versions: 2020.4.0, 2020.4.3, 2020.4.4, 2020.4.5, 2020.4.6, 2020.4.7, 2020.4.8, 2020.4.9, 2020.4.10, 2020.4.11, 2021.1.0, 2021.1.2, 2021.1.7, 2021.1.17, 2021.1.20, 2021.2.0, 2021.2.6, 2021.2.7, 2021.2.11, 2021.2.14, 2021.3.0, 2021.3.1, 2021.3.4, 2021.3.6, 2021.3.13, 2021.3.14, 2021.3.15, 2021.3.17, 2021.3.22, 2021.3.27, 2021.3.28, 2021.3.29, 2021.3.30, 2021.4.0, 2021.4.3, 2021.4.6, 2021.4.12, 2021.4.13, 2021.4.15, 2021.4.16, 2022.1.0, 2022.1.9, 2022.1.10, 2022.1.11, 2022.1.13, 2022.1.14, 2022.2.0, 2022.2.2, 2022.2.7, 2022.2.9, 2022.2.11, 2022.2.12, 2022.2.13, 2022.2.14, 2022.2.15, 2022.2.16, 2022.2.17, 2022.2.18, 2022.3.0, 2022.3.4, 2022.3.6, 2022.3.8, 2022.3.9, 2022.3.10, 2022.3.11, 2022.3.12, 2022.3.13, 2022.3.14, 2022.3.15, 2023.1.0, 2023.1.1, 2023.1.6, 2023.1.8, 2023.1.9, 2023.1.10, 2023.1.11, 2023.1.12, 2023.1.13, 2023.2.0, 2023.2.2, 2023.2.3, 2023.2.4, 2023.2.5, 2023.2.6, 2023.2.7, 2023.2.8, 2023.2.9, 2023.2.10, 2023.2.12, 2023.2.13, 2023.2.14, 2023.2.15, 2023.2.16, 2023.2.17, 2023.2.18, 2023.2.19, 2023.2.20, 2023.2.23, 2023.2.24, 2023.2.25, 2023.2.26, 2023.2.27, 2023.2.29, 2023.3.0, 2023.3.1, 2023.3.2, 2023.3.3, 2023.3.4, 2023.3.5, 2023.3.7, 2023.3.9, 2023.3.10, 2023.3.11, 2023.3.12, 2023.3.13, 2024.1.0, 2024.1.1, 2024.1.2, 2024.1.3, 2024.1.4, 2024.1.5, 2024.1.6, 2024.1.7, 2024.1.10, 2024.2.0, 2024.2.1