{"id": "CVE-2019-20809", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2020-06-03T17:15:24.717", "references": [{"url": "https://privacylog.blogspot.com/2019/10/compound-finance-zero-day-prices-can.html", "tags": ["Mitigation", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://privacylog.blogspot.com/2019/10/compound-finance-zero-day-prices-can.html", "tags": ["Mitigation", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The price oracle in PriceOracle.sol in Compound Finance Compound Price Oracle 1.0 through 2.0 allows a price poster to set an invalid asset price via the setPrice function, and consequently violate the intended limits on price swings."}, {"lang": "es", "value": "El or\u00e1culo de precios en el archivo PriceOracle.sol de Compound Finance Compound Price Oracle versiones 1.0 hasta 2.0 permite que un publicador de precios establezca un precio de activo no v\u00e1lido por medio de la funci\u00f3n setPrice y, en consecuencia, viole los l\u00edmites previstos en las oscilaciones de precios."}], "lastModified": "2024-11-21T04:39:25.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:compound:price_oracle:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA647DA6-D38E-4C60-B720-4C69B44EAFC3", "versionEndIncluding": "2.0", "versionStartIncluding": "1.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}