2 matches found
47pages-keystone (>=0.0.1 <=0.0.5), @amplify-app/create (>=0.1.0 <=0.1.4) +2358 more potentially affected by CVE-2020-13110 via kerberos (>=0.0.11 <=0.0.9)
kerberos NPM version =0.0.11, =0.0.1, =0.1.0, =1.8.5-alpha.46, =1.0.3, =1.0.2, =0.12.0, =0.2.0, =1.0.0, =0.0.5, =0.1.2-beta.1, =0.1.2-beta.7 and more Source cves: CVE-2020-13110 Source advisory: OSV:GHSA-M2MX-RFPW-JGHV...
CVE-2020-13110
The Kerberos package for Node.js (prior to 1.0.0) is vulnerable to DLL Injection due to loading DLLs via kerberos_sspi LoadLibrary() without a full path, enabling arbitrary code execution and privilege escalation. Affected: Node.js Kerberos package before 1.0.0. Root cause: DLL path search select...