4 matches found
CVE-2020-7632
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7632
node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument...
CVE-2020-7632
node-mpv (Node.js wrapper for mpv) up to version 1.4.3 is vulnerable to a Command Injection due to unsanitized control of the options argument. The root cause is that the options object can be crafted by an attacker to execute arbitrary commands, with network access and no user interaction requir...
@beargame/devdeck (>=1.1.0 <=1.1.4), @quran-cli/q-cli (>=1.0.0 <=1.1.3) +14 more potentially affected by CVE-2020-7632 via node-mpv (>=1.5.0 <=2.0.0-beta.2)
node-mpv NPM version =1.5.0, =1.1.0, =1.0.0, =0.1.1-alpha.1, =0.1.1, =0.0.1, =3.0.0, =0.1.0, =1.0.2, =1.0.9, =0.0.4, =1.0.0, =0.1.12, =0.1.15 and more Source cves: CVE-2020-7632 Source advisory: SNYK:JS-NODEMPV-564426...