CVE-2020-36660

MEDIUM

paxswill EVE Ship Replacement Program <0.12.11 - Info Disclosure

Title source: llm

Description

A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211.

References (4)

Core 4

Core References

Third Party Advisory vdb-entry technical-description

https://vuldb.com/?id.220211

Permissions Required, Third Party Advisory signature permissions-required

https://vuldb.com/?ctiid.220211

Patch patch

https://github.com/paxswill/evesrp/commit/9e03f68e46e85ca9c9694a6971859b3ee66f0240

View Patch ZIP pw:eip

Release Notes patch

https://github.com/paxswill/evesrp/releases/tag/v0.12.12

Scores

CVSS v3 4.3

EPSS 0.0067

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (2)

eve_ship_replacement_program_project/eve_ship_replacement_program 0.12.11

pypi/EVE-SRP 0 - 0.12.12PyPI

Published Feb 06, 2023

Tracked Since Feb 18, 2026