Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2020-7677HistoryJul 25, 2022 - 2:15 p.m.
CVE-2020-7677
2022-07-2514:15:10
Debian Security Bug Tracker
security-tracker.debian.org
12
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
59.6%
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | node-thenify | < 3.3.1-1 | node-thenify_3.3.1-1_all.deb |
| Debian | 11 | all | node-thenify | < 3.3.1-1 | node-thenify_3.3.1-1_all.deb |
| Debian | 10 | all | node-thenify | < 3.3.0-1+deb10u1 | node-thenify_3.3.0-1+deb10u1_all.deb |
| Debian | 999 | all | node-thenify | < 3.3.1-1 | node-thenify_3.3.1-1_all.deb |
| Debian | 13 | all | node-thenify | < 3.3.1-1 | node-thenify_3.3.1-1_all.deb |
Related
osv
osv
CVE-2020-7677
2022-07-25 14:15:10
node-thenify - security update
2022-10-01 00:00:00
node-thenify vulnerability
2023-04-13 17:23:24
ubuntu
ubuntu
thenify vulnerability
2023-04-13 00:00:00
prion
prion
Session fixation
2022-07-25 14:15:00
nvd
nvd
CVE-2020-7677
2022-07-25 14:15:10
veracode
veracode
Arbitrary Code Injection
2020-06-19 03:00:24
openvas
openvas
Ubuntu: Security Advisory (USN-6016-1)
2023-04-14 00:00:00
Debian: Security Advisory (DLA-3128-1)
2022-10-01 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-ce8943223c)
2023-01-22 00:00:00
debian
debian
[SECURITY] [DLA 3128-1] node-thenify security update
2022-09-30 22:56:44
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : thenify vulnerability (USN-6016-1)
2023-04-13 00:00:00
Debian DLA-3128-1 : node-thenify - LTS security update
2022-09-30 00:00:00
Fedora 36 : yarnpkg (2023-18fd476362)
2023-01-21 00:00:00
redhatcve
redhatcve
CVE-2020-7677
2022-09-16 05:13:17
ubuntucve
ubuntucve
CVE-2020-7677
2022-07-25 00:00:00
github
github
thenify before 3.3.1 made use of unsafe calls to `eval`.
2022-07-18 19:15:29
cve
cve
CVE-2020-7677
2022-07-25 14:15:10
cvelist
cvelist
CVE-2020-7677 Arbitrary Code Execution
2022-07-25 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-3.fc37
2023-01-21 03:34:16
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-3.fc36
2023-01-21 03:43:23
[SECURITY] Fedora 38 Update: yarnpkg-1.22.19-5.fc38
2023-03-30 00:23:16
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
59.6%
Related for DEBIANCVE:CVE-2020-7677