6 matches found
CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +7 more potentially affected by CVE-2020-7627 via node-key-sender (=1.0.11)
node-key-sender NPM version =1.0.11 is affected by a known vulnerability. The following packages have a transitive dependency on node-key-sender and may be impacted: - @bionicmetrics/bionic =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source...
CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
CVE-2020-7627
node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute' function...
CVE-2020-7627
The CVE refers to the npm module node-key-sender (versions up to 1.0.11 and earlier). The root cause is a Command Injection in the function that uses the arrParams argument of the execute() method, allowing execution of arbitrary commands. Multiple connected sources (Red Hat, Snyk, Veracode, CNVD...
@bionicmetrics/bionic (>=1.2.0 <=1.3.6), @smoosee/wakemeup (>=1.0.9 <=1.20.0) +8 more potentially affected by CVE-2020-7627 via node-key-sender (>=1.0.11 <=1.0.9)
node-key-sender NPM version =1.0.11, =1.2.0, =1.0.9, =1.5.0, =0.0.1, =1.0.0, =1.0.5, =0.9.0, =1.2.1, =1.1.0, =2.2.0 Source cves: CVE-2020-7627 Source advisory: SNYK:JS-NODEKEYSENDER-564261...