Lucene search
AnonymousNODEJS:1665HistoryMay 04, 2021 - 6:18 p.m.
Arbitrary Code Injection
2021-05-0418:18:00
Anonymous
www.npmjs.com
77
0.03 Low
EPSS
Percentile
91.0%
Overview
In xmlhttprequest-ssl before 1.6.2 when requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
Recommendation
Upgrade to version 1.6.2 or later
References
| CPE | Name | Operator | Version |
|---|---|---|---|
| xmlhttprequest-ssl | lt | 1.6.2 |
Related
githubexploit
githubexploit
Exploit for Code Injection in Xmlhttprequest Project Xmlhttprequest
2021-05-12 12:11:03
veracode
veracode
Arbitrary Code Execution
2021-03-08 05:03:56
cvelist
cvelist
CVE-2020-28502 Arbitrary Code Injection
2021-03-05 00:00:00
debiancve
debiancve
CVE-2020-28502
2021-03-05 18:15:12
github
github
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
2021-05-04 18:02:34
osv
osv
xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection
2021-05-04 18:02:34
CVE-2020-28502
2021-03-05 18:15:12
cve
cve
CVE-2020-28502
2021-03-05 18:15:12
nvd
nvd
CVE-2020-28502
2021-03-05 18:15:12
prion
prion
Design/Logic Flaw
2021-03-05 18:15:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2020-28502
2021-03-05 00:00:00
redhatcve
redhatcve
CVE-2020-28502
2021-03-05 20:58:13