Lucene search

[email protected]NVD:CVE-2020-7795

HistoryAug 02, 2022 - 2:15 p.m.

CVE-2020-7795

2022-08-0214:15:09

CWE-77

[email protected]

web.nvd.nist.gov

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

54.9%

JSON

The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.

Affected configurations

NVD

Node

get-npm-package-version_projectget-npm-package-versionRange<1.0.7node.js

References

github.com/hoperyy/get-npm-package-version/blob/338a5882298eb2c2194538db41166cae13c39e03/index.js%23L17

github.com/hoperyy/get-npm-package-version/commit/40b1cf31a0607ea66f9e30a0c3af1383b52b2dec

security.snyk.io/vuln/SNYK-JS-GETNPMPACKAGEVERSION-1050390

www.npmjs.com/package/get-npm-package-version/v/1.0.6

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for NVD:CVE-2020-7795

osv2 cvelist1 github1 veracode1 prion1 cve1