EUVD-2020-1508

Malware in sbrugna...

@mdslab/iotronic-lightning-rod (>=2.3.1 <=2.3.6), connection-test-table (>=0.1.0 <=0.1.3) +9 more potentially affected by CVE-2020-7781 via connection-tester (>=0.0.7 <=0.2.0)

connection-tester NPM version =0.0.7, =2.3.1, =0.1.0, =0.0.1, =0.0.1, =0.0.10, =1.1.3, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.1.2 Source cves: CVE-2020-7781 Source advisory: OSV:GHSA-W5MP-8P8W-MHH8...

GHSA-W5MP-8P8W-MHH8 Command injection in connection-tester

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. Affected versions of this package are vulnerable to Command Injection...

Command injection in connection-tester

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. Affected versions of this package are vulnerable to Command Injection...

OS Command Injection

connection-tester is vulnerable to OS Command Injection. The vulnerability exists as it does not properly validate hostname and port values...

CVE-2020-7781

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:...

CVE-2020-7781

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:...

Code injection

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:...

CVE-2020-7781

CVE-2020-7781 affects the npm package connection-tester prior to 0.2.1. The vulnerability is a command injection at index.js line 15, demonstrated by the included PoC and Snyk report. The security issue enables arbitrary command execution via the injection point, with PoC showing commands passed ...

CVE-2020-7781 Command Injection

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:...

Skoranga Node-connection-tester Command Injection Vulnerability

Skoranga Node-connection-tester is a Javascript-based software from the individual developers at Skoranga for testing whether a connection can be established to a remote host and port. A command injection vulnerability exists in connection-tester versions prior to 0.2.1, which originates in...

@mdslab/iotronic-lightning-rod (>=2.3.1 <=2.3.6), connection-test-table (>=0.1.0 <=0.1.3) +9 more potentially affected by CVE-2020-7781 via connection-tester (>=0.0.7 <=0.2.0)

connection-tester NPM version =0.0.7, =2.3.1, =0.1.0, =0.0.1, =0.0.1, =0.0.10, =1.1.3, =0.0.1, =0.0.1, =1.0.0, =0.0.1, =0.1.2 Source cves: CVE-2020-7781 Source advisory: SNYK:JS-CONNECTIONTESTER-1048337...

Command Injection

Overview connection-tester is a module that tests to check if the connection can be established or host/port reachable for a given host and port. Useful for testing all the connection in your node application at server startup. Affected versions of this package are vulnerable to Command Injection...