
CVE-2020-7764: Web Cache Poisoning in find-my-way

CVSS Score: 5.9 (CVSS v3.1)

Basic Information

EPSS Score: 0.75689%
Published: 11/9/2020
Updated: 1/9/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| find-my-way | npm | < 2.2.5 | 2.2.5 |
| find-my-way | npm | >= 3.0.0, < 3.0.5 | 3.0.5 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from find-my-way's default handling of the 'Accept-Version' header via the deriveVersion function in lib/accept-version.js. Before the patches, this function was always active and parsed the header even when no versioned routes existed. An attacker could therefore send a request with a crafted 'Accept-Version' header and have the resulting response stored by a cache, because the header was not part of the cache key, leading to web cache poisoning. GitHub commit ab40835 shows that the fix made versioning opt-in: deriveVersion only activates when versioned routes exist. In vulnerable versions, the function's unconditional header parsing created the attack surface.
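
A toy model of the behaviour described above, as an added example (not find-my-way's code and not taken from the advisory). ToyRouter, ToyCache and statusSeenByNextVisitor are hypothetical names, the request is constructed, and the model assumes the router answers 404 when the requested version has no handler. It compares always-on header parsing with the opt-in behaviour, and with a cache that includes the header in its key.

```javascript
// Toy router and cache, constructed for illustration (not find-my-way's code).
class ToyRouter {
  constructor({ versioningOptIn }) {
    this.versioningOptIn = versioningOptIn; // true models the patched behaviour
    this.routes = new Map();                // "METHOD path" -> { plain, versions }
    this.hasVersionedRoutes = false;
  }
  on(method, path, handler, version) {
    const key = `${method} ${path}`;
    const entry = this.routes.get(key) || { plain: null, versions: new Map() };
    if (version) { entry.versions.set(version, handler); this.hasVersionedRoutes = true; }
    else entry.plain = handler;
    this.routes.set(key, entry);
  }
  lookup(req) {
    const entry = this.routes.get(`${req.method} ${req.url}`);
    if (!entry) return { status: 404, body: 'not found' };
    // Pre-patch model: the header is always consulted.
    // Patched model: only when at least one versioned route was registered.
    const consult = !this.versioningOptIn || this.hasVersionedRoutes;
    const wanted = consult ? req.headers['accept-version'] : undefined;
    const handler = wanted === undefined ? entry.plain : entry.versions.get(wanted);
    return handler ? handler(req) : { status: 404, body: 'not found' };
  }
}

// Shared cache in front of the router. With keyHeaders empty, Accept-Version is unkeyed.
class ToyCache {
  constructor(router, keyHeaders = []) { this.router = router; this.keyHeaders = keyHeaders; this.store = new Map(); }
  handle(req) {
    const extra = this.keyHeaders.map(h => `${h}=${req.headers[h] ?? ''}`).join('&');
    const key = `${req.method} ${req.url} ${extra}`;
    if (!this.store.has(key)) this.store.set(key, this.router.lookup(req));
    return this.store.get(key);
  }
}

// One unversioned route; a request with the header arrives first, then a plain one.
function statusSeenByNextVisitor(routerOpts, keyHeaders) {
  const router = new ToyRouter(routerOpts);
  router.on('GET', '/', () => ({ status: 200, body: 'home' }));
  const cache = new ToyCache(router, keyHeaders);
  cache.handle({ method: 'GET', url: '/', headers: { 'accept-version': '9.9.9' } }); // constructed
  return cache.handle({ method: 'GET', url: '/', headers: {} }).status;
}

console.log('always-on parsing, header unkeyed:', statusSeenByNextVisitor({ versioningOptIn: false }, []));
console.log('opt-in versioning, header unkeyed:', statusSeenByNextVisitor({ versioningOptIn: true }, []));
console.log('always-on parsing, header keyed:  ', statusSeenByNextVisitor({ versioningOptIn: false }, ['accept-version']));
```

Upgrading to a patched version removes the behaviour at the router; adding the header to the cache key is a mitigation at the caching layer for deployments that cannot upgrade immediately.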


WAF Protection Rules

WAF Rule

This affects the package find-my-way before 2.2.5, from 3.0.0 and before 3.0.5. It accepts the 'Accept-Version' header by default, and if versioned routes are not being used, this could lead to a denial of service. Accept-Version can be used as an unk
