CVE-2020-35774 Scanner
CVE-2020-35774 scanner - Cross-Site Scripting (XSS) vulnerability in twitter/twitter-server
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 1 day
Scan only one: URL
Toolbox: -
Twitter is one of the world's leading social media platforms, enabling communication between people, businesses, and advertisers. To support its infrastructure, Twitter Server is an open-source project used by Twitter, as well as by developers around the world, for building scalable and fault-tolerant services. With its easy-to-use and flexible architecture, Twitter Server provides a wide range of features such as load balancing, request routing, and service discovery.
CVE-2020-35774 is a cross-site scripting (XSS) vulnerability in the HistogramQueryHandler.scala module of Twitter Server, the module responsible for handling histogram queries. The histograms endpoint reflects user-supplied input in its response, and in some configurations that input is not sanitized, so an attacker can inject script into the endpoint that then executes in the browser of a user who opens the crafted request.
Exploiting this vulnerability can lead to a range of attacks, such as theft of confidential information, corporate espionage, identity theft, and the spreading of malware. Because XSS allows an attacker to execute arbitrary script in the victim's browser, the attacker can use this access to redirect the user to malicious websites, steal login credentials, or install malware on the user's computer.
With the pro version of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform provides detailed reports, alerts, and expert analysis to help users identify weaknesses and prioritize their security efforts. By using s4e.io, users can stay ahead of the curve and protect themselves against emerging threats.