14 matches found
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
EUVD-2021-1198
Malware in sbrugna...
Code Injection in cd-messenger
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
cd-core (>=0.0.3 <=0.0.11) potentially affected by CVE-2020-7675 via cd-messenger (=2.7.12)
cd-messenger NPM version =2.7.12 is affected by a known vulnerability. The following packages have a transitive dependency on cd-messenger and may be impacted: - cd-core =0.0.3, =0.0.11 Source cves: CVE-2020-7675 Source advisory: OSV:GHSA-V756-4WHV-48VC...
GHSA-V756-4WHV-48VC Code Injection in cd-messenger
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
The vulnerability of the eval function in the cd-messenger software lies in insufficient validation of input data, allowing a perpetrator to execute arbitrary code.
The vulnerability of the eval function in the cd-messenger software exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Arbitrary Code Execution
cd-messenger is vulnerable to arbitrary code execution. Untrusted user input to the color argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
cd-messenger input validation error vulnerability
cd-messenger is a console and file recorder with Gulp automated build tool support by American software developer Mike Erickson. An input validation error vulnerability exists in cd-messenger 2.7.26 and earlier versions, which stems from the 'eval' function executing user input passed to the...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
Remote code execution
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
CVE-2020-7675
CVE-2020-7675 affects cd-messenger up to version 2.7.26. The issue is an Arbitrary Code Execution vulnerability caused by unvalidated input passed to the color parameter, which is evaluated via eval. This results in code execution and potential impact on confidentiality, integrity, and availabili...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
cd-core (>=0.0.3 <=0.0.11) potentially affected by CVE-2020-7675 via cd-messenger (=2.7.12)
cd-messenger NPM version =2.7.12 is affected by a known vulnerability. The following packages have a transitive dependency on cd-messenger and may be impacted: - cd-core =0.0.3, =0.0.11 Source cves: CVE-2020-7675 Source advisory: SNYK:JS-CDMESSENGER-571493...
Arbitrary Code Execution
Overview cd-messenger is a console log logger gulp notification browser node message. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution. PoC var a = require"cd-messenger...