CVE-2020-7635

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument...

EUVD-2021-2472

Malware in sbrugna...

@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)

compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory: OSV:GHSA-7Q9F-X6RM-QMXR...

Command Injection in compass-compile

compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

GHSA-7Q9F-X6RM-QMXR Command Injection in compass-compile

compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...

Compass-compile Command Injection Vulnerability

compass-compile is a compiler. A command injection vulnerability exists in compass-compile version 0.0.1 and earlier. The vulnerability can be exploited to execute arbitrary code with the 'options' parameter...

CVE-2020-7635

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument...

CVE-2020-7635

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument...

Command injection

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument...

CVE-2020-7635

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument...

CVE-2020-7635

CVE-2020-7635 affects the Node.js package compass-compile (through 0.0.1). The vulnerability arises from an unsanitized options argument in the library’s command construction, enabling Command Injection and the potential execution of arbitrary shell commands. Multiple connected sources corroborat...

Command Injection

Overview compass-compile is a Compass wrapper for node.js. Affected versions of this package are vulnerable to Command Injection. The options argument can be controlled by users without any sanitization. PoC var Root = require'compass-compile'; var root = new Root; var options =...

@love-open-source/ember-slider (>=0.0.2 <=1.1.10), broccoli-compass-compiler (>=0.0.1 <=0.0.6) +1 more potentially affected by CVE-2020-7635 via compass-compile (=0.0.1)

compass-compile NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on compass-compile and may be impacted: - @love-open-source/ember-slider =0.0.2, =0.0.1, =0.1.0, =0.5.0 Source cves: CVE-2020-7635 Source advisory:...