Vulnerability Change Records for CVE-2020-26237

Change History

CVE Modified by GitHub, Inc. 12/30/2020 9:15:12 PM

Action Type Old Value New Value
Added Reference

								
							
							
						
https://lists.debian.org/debian-lts-announce/2020/12/msg00041.html [No Types Assigned]

Initial Analysis 12/04/2020 1:0:42 PM

Action Type Old Value New Value
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:a:highlightjs:highlight.js:*:*:*:*:*:node.js:*:* versions up to (excluding) 9.18.2
     *cpe:2.3:a:highlightjs:highlight.js:*:*:*:*:*:node.js:*:* versions from (including) 10.1.0 up to (excluding) 10.1.2
Added CVSS V2

								
							
							
						
NIST (AV:N/AC:M/Au:S/C:N/I:P/A:P)
Added CVSS V2 Metadata

								
							
							
						
Victim must voluntarily interact with attack mechanism
Added CVSS V3.1

								
							
							
						
NIST AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Changed Reference Type
https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 No Types Assigned
https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0 Patch, Third Party Advisory
Changed Reference Type
https://github.com/highlightjs/highlight.js/pull/2636 No Types Assigned
https://github.com/highlightjs/highlight.js/pull/2636 Patch, Third Party Advisory
Changed Reference Type
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx No Types Assigned
https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx Mitigation, Third Party Advisory
Changed Reference Type
https://www.npmjs.com/package/highlight.js No Types Assigned
https://www.npmjs.com/package/highlight.js Third Party Advisory