CVE-2020-28478: 
JavaScript vulnerability analysis and mitigation

This vulnerability (CVE-2020-28478) affects the GSAP (GreenSock Animation Platform) package versions before 3.6.0. The vulnerability was discovered on December 27, 2020, and was publicly disclosed on January 19, 2021. GSAP is a JavaScript library used for building high-performance animations that work across major browsers (Snyk Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The vulnerability is characterized by its network attack vector, low attack complexity, no privileges required, and no user interaction needed. While it doesn't impact confidentiality or integrity, it has a high impact on availability (Snyk Advisory).

The vulnerability primarily affects the availability of systems using the vulnerable GSAP versions. When successfully exploited, it can result in a total loss of availability, where the attacker can fully deny access to resources in the impacted component. This loss can be either sustained while the attack continues or persistent even after the attack has completed (Snyk Advisory).

The recommended mitigation is to upgrade the GSAP package to version 3.6.0 or higher, which contains the fix for this vulnerability (Snyk Advisory).