CVE-2020-7675

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

EUVD-2021-1198

Malware in sbrugna...

cd-core (>=0.0.3 <=0.0.11) potentially affected by CVE-2020-7675 via cd-messenger (=2.7.12)

cd-messenger NPM version =2.7.12 is affected by a known vulnerability. The following packages have a transitive dependency on cd-messenger and may be impacted: - cd-core =0.0.3, =0.0.11 Source cves: CVE-2020-7675 Source advisory: OSV:GHSA-V756-4WHV-48VC...

GHSA-V756-4WHV-48VC Code Injection in cd-messenger

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

Code Injection in cd-messenger

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

Arbitrary Code Execution

cd-messenger is vulnerable to arbitrary code execution. Untrusted user input to the color argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...

cd-messenger input validation error vulnerability

cd-messenger is a console and file recorder with Gulp automated build tool support by American software developer Mike Erickson. An input validation error vulnerability exists in cd-messenger 2.7.26 and earlier versions, which stems from the 'eval' function executing user input passed to the...

CVE-2020-7675

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

Remote code execution

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

CVE-2020-7675

cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...

CVE-2020-7675

CVE-2020-7675 affects cd-messenger up to version 2.7.26. The issue is an Arbitrary Code Execution vulnerability caused by unvalidated input passed to the color parameter, which is evaluated via eval. This results in code execution and potential impact on confidentiality, integrity, and availabili...

cd-core (>=0.0.3 <=0.0.11) potentially affected by CVE-2020-7675 via cd-messenger (=2.7.12)

cd-messenger NPM version =2.7.12 is affected by a known vulnerability. The following packages have a transitive dependency on cd-messenger and may be impacted: - cd-core =0.0.3, =0.0.11 Source cves: CVE-2020-7675 Source advisory: SNYK:JS-CDMESSENGER-571493...

Arbitrary Code Execution

Overview cd-messenger is a console log logger gulp notification browser node message. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution. PoC var a = require"cd-messenger...