2 matches found
CVE-2020-7614
CVE-2020-7614 affects npm-programmatic up to version 0.0.12 and enables command injection via concatenated options passed to exec. The vulnerability enables remote code execution if untrusted input is supplied to npm-programmatic’s install/uninstall/list paths, as demonstrated by the evidence and...
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +152 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.9)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.4.0, =0.2.0, =3.0.0, =0.1.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =5.1.4 and more Source cves: CVE-2020-7614 Source advisory: SNYK:JS-NPMPROGRAMMATIC-564115...