5 matches found
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
brew-js (>=0.1.0 <=0.1.8), buildr (>=0.2.0 <=0.8.7) +9 more potentially affected by CVE-2020-7604 via pulverizr (=0.7.0)
pulverizr NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on pulverizr and may be impacted: - brew-js =0.1.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =1.0.0, =0.1.0, =0.0.11, =0.0.12 Source cves: CVE-2020-7604 Source advisory:...
CVE-2020-7604
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this...
CVE-2020-7604
Vulnerability summary for CVE-2020-7604: Pulverizr
brew-js (>=0.1.0 <=0.1.8), buildr (>=0.2.0 <=0.8.7) +9 more potentially affected by CVE-2020-7604 via pulverizr (=0.7.0)
pulverizr NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on pulverizr and may be impacted: - brew-js =0.1.0, =0.2.0, =0.1.0, =0.0.1, =0.0.2, =1.0.0, =0.1.0, =0.0.11, =0.0.12 Source cves: CVE-2020-7604 Source advisory:...