4 matches found
CVE-2020-7624
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument...
Withdrawn Advisory: OS Command Injection in effect
Withdrawn Advisory This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...
CVE-2020-7624
effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command via the options argument...
CVE-2020-7624
CVE-2020-7624 affects the Node package effect (through version 1.0.4 and earlier). The root cause is that the options argument is passed to a function that invokes shell commands via exec without proper sanitization, enabling OS command injection and arbitrary command execution. Public references...