CVE-2020-7764

MEDIUM

find-my-way <2.2.5 & 3.0.0-3.0.5 - DoS

Title source: llm

Description

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unkeyed header in a cache poisoning attack.

References (2)

[Third Party Advisory] https://snyk.io/vuln/SNYK-JS-FINDMYWAY-1038269

[Patch, Third Party Advisory] https://github.com/delvedor/find-my-way/commit/ab408354690e6b9cf3c4724befb3b3fa4bb90aac

View Patch ZIP pw:eip

Scores

CVSS v3 5.9

EPSS 0.0097

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-444

Status published

Products (2)

find-my-way_project/find-my-way < 2.2.5

npm/find-my-way 0 - 2.2.5npm

Published Nov 08, 2020

Tracked Since Feb 18, 2026