{ "schema_version": "1.4.0", "id": "GHSA-vq23-hwg7-hxrh", "modified": "2022-12-29T01:06:02Z", "published": "2022-12-21T21:30:15Z", "aliases": [ "CVE-2020-36620" ], "summary": "EnumStringValues vulnerable to Uncontrolled Resource Consumption", "details": "A vulnerability was found in Brondahl EnumStringValues 4.0.1. It has been declared as problematic. This vulnerability affects the function GetStringValuesWithPreferences_Uncache of the file EnumStringValues/EnumExtensions.cs. The manipulation leads to resource consumption. Upgrading to version 4.0.2 to address this issue. The name of the patch is c0fc7806beb24883cc2f9543ebc50c0820297307. It is recommended to upgrade the affected component. VDB-216466 is the identifier assigned to this vulnerability.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "affected": [ { "package": { "ecosystem": "NuGet", "name": "EnumStringValues" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "4.0.2" } ] } ] } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-36620" }, { "type": "WEB", "url": "https://github.com/Brondahl/EnumStringValues/commit/c0fc7806beb24883cc2f9543ebc50c0820297307" }, { "type": "PACKAGE", "url": "https://github.com/Brondahl/EnumStringValues" }, { "type": "WEB", "url": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.1" }, { "type": "WEB", "url": "https://github.com/Brondahl/EnumStringValues/releases/tag/4.0.2" }, { "type": "WEB", "url": "https://vuldb.com/?id.216466" } ], "database_specific": { "cwe_ids": [ "CWE-400", "CWE-404" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2022-12-22T03:35:03Z", "nvd_published_at": "2022-12-21T19:15:00Z" } }