Lucene search
GitHub Advisory DatabaseGHSA-PC62-CQ5X-3J5GHistoryJul 26, 2022 - 12:01 a.m.
node-import `params` argument can be controlled by users without any sanitization
2022-07-2600:01:05
GitHub Advisory Database
github.com
18
node-import
params
user control
sanitization
eval
index.js
software
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.7%
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js.
Affected configurations
Node
node-import_projectnode-importRange≤0.9.2node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| node-import_project | node-import | * | cpe:2.3:a:node-import_project:node-import:*:*:*:*:*:node.js:*:* |
Related
osv
osv
cve
cve
CVE-2020-7678
2022-07-25 14:15:10
prion
prion
Design/Logic Flaw
2022-07-25 14:15:00
veracode
veracode
Prototype Pollution
2022-07-26 05:18:38
cvelist
cvelist
CVE-2020-7678 Arbitrary Code Execution
2022-07-25 14:07:56
nvd
nvd
CVE-2020-7678
2022-07-25 14:15:10
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
0.002
Percentile
61.7%
Related for GHSA-PC62-CQ5X-3J5G