Lucene search
GoogleOSV:GHSA-PC62-CQ5X-3J5GHistoryJul 26, 2022 - 12:01 a.m.
node-import `params` argument can be controlled by users without any sanitization
2022-07-2600:01:05
Google
osv.dev
4
node-import
user control
sanitization
eval function
index file
security vulnerability
software
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.002
Percentile
61.7%
This affects all versions of package node-import. The params argument of module function can be controlled by users without any sanitization. This is then provided to the “eval” function located in line 79 in the index file index.js.
Related
cve
cve
CVE-2020-7678
2022-07-25 14:15:10
prion
prion
Design/Logic Flaw
2022-07-25 14:15:00
veracode
veracode
Prototype Pollution
2022-07-26 05:18:38
cvelist
cvelist
CVE-2020-7678 Arbitrary Code Execution
2022-07-25 14:07:56
nvd
nvd
CVE-2020-7678
2022-07-25 14:15:10
github
github
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
6.8
Confidence
High
EPSS
0.002
Percentile
61.7%
Related for OSV:GHSA-PC62-CQ5X-3J5G