7 matches found
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
sulu-file-system-view-prompt-here (>=1.0.2 <=1.0.4) potentially affected by CVE-2020-7602 via node-prompt-here (=1.0.1)
node-prompt-here NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on node-prompt-here and may be impacted: - sulu-file-system-view-prompt-here =1.0.2, =1.0.4 Source cves: CVE-2020-7602 Source advisory: OSV:GHSA-F8FH-8RGM-227H...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
CVE-2020-7602
CVE-2020-7602 relates to node-prompt-here up to version 1.0.1 where the runCommand() in linux/manager.js is invoked by getDevices(), which is tied to index.process.env.NM_CLI. The argument to execSync() is constructed unsafely and controllable by users, enabling arbitrary command execution (OS co...
CVE-2020-7602
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand" is called by "getDevices" function in file "linux/manager.js", which is required by the "index. process.env.NMCLI" in the file "linux/manager.js". This function is used to construct the argument of function...
sulu-file-system-view-prompt-here (>=1.0.2 <=1.0.4) potentially affected by CVE-2020-7602 via node-prompt-here (=1.0.1)
node-prompt-here NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on node-prompt-here and may be impacted: - sulu-file-system-view-prompt-here =1.0.2, =1.0.4 Source cves: CVE-2020-7602 Source advisory: SNYK:JS-NODEPROMPTHERE-560115...