{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-15T13:53:46.070","vulnerabilities":[{"cve":{"id":"CVE-2020-36623","sourceIdentifier":"cna@vuldb.com","published":"2022-12-21T19:15:12.227","lastModified":"2024-11-21T05:29:55.100","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in Pengu. It has been declared as problematic. Affected by this vulnerability is the function runApp of the file src\/index.js. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The name of the patch is aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216475."},{"lang":"es","value":"Se encontró una vulnerabilidad en Pengu. Ha sido declarada problemática. La función runApp del archivo src\/index.js es afectada por esta vulnerabilidad. La manipulación conduce a la Cross-Site Request Forgery (CSRF). El ataque se puede lanzar de forma remota. El nombre del parche es aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-216475."}],"metrics":{"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:L\/A:N","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:U\/C:N\/I:H\/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-352"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:pengu_project:pengu:*:*:*:*:*:*:*:*","versionEndExcluding":"2020-11-02","matchCriteriaId":"69657BC6-E5C0-4D73-A890-093ACB51853E"}]}]}],"references":[{"url":"https:\/\/github.com\/jtojnar\/pengu\/commit\/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91","source":"cna@vuldb.com","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/vuldb.com\/?id.216475","source":"cna@vuldb.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https:\/\/github.com\/jtojnar\/pengu\/commit\/aea66f12b8cdfc3c8c50ad6a9c89d8307e9d0a91","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https:\/\/vuldb.com\/?id.216475","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}