Arbitrary file deletion

2023-12-0820:15:00

PRIOn knowledge base

www.prio-n.com

evershop

npm

sensitive information

execute arbitrary code

file deletion

remote attacker

security issue

7.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.9%

JSON

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.

CPENameOperatorVersion
evershopeq1.0.0 beta2
evershopeq1.0.0 beta1
evershopeq1.0.0 beta
evershopeq1.0.0 rc3
evershopeq1.0.0 rc1
evershopeq1.0.0 rc2
evershopeq1.0.0 beta3
evershopeq1.0.0 beta4
evershopeq1.0.0 beta5
evershopeq1.0.0 rc5

Name	Operator	Version
evershop	eq	1.0.0 beta2
evershop	eq	1.0.0 beta1
evershop	eq	1.0.0 beta
evershop	eq	1.0.0 rc3
evershop	eq	1.0.0 rc1
evershop	eq	1.0.0 rc2
evershop	eq	1.0.0 beta3
evershop	eq	1.0.0 beta4
evershop	eq	1.0.0 beta5
evershop	eq	1.0.0 rc5