4 matches found
3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +457 more potentially affected by CVE-2020-7645 via chrome-launcher (>=0.10.0 <=0.13.1)
chrome-launcher NPM version =0.10.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =5.0.0, =5.0.0, =5.0.0, =0.0.1, =0.1.0, =1.0.2, =2.0.1-pr.52, =0.0.1-alpha.1, =0.1.0, =0.0.1, =2.6.0, =5.0.0 and more Source cves: CVE-2020-7645 Source advisory: OSV:GHSA-GP2J-MG4W-2RH5...
CVE-2020-7645
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems...
CVE-2020-7645
CVE-2020-7645 affects chrome-launcher and enables OS command injection by manipulating the HOME environment variable on Linux. The issue exists in all versions prior to the patch, with remediation documented as upgrading to version 0.13.2 or later. Reports from GHSA and Veracode describe the vuln...
3a-server (>=0.7.41 <=0.9.10), 3a-server-mongo (>=0.1.0-beta.1 <=1.0.0-beta.1) +457 more potentially affected by CVE-2020-7645 via chrome-launcher (>=0.10.0 <=0.13.1)
chrome-launcher NPM version =0.10.0, =0.7.41, =0.1.0-beta.1, =0.1.3, =0.0.3, =5.0.0, =5.0.0, =5.0.0, =0.0.1, =0.1.0, =1.0.2, =2.0.1-pr.52, =0.0.1-alpha.1, =0.1.0, =0.0.1, =2.6.0, =5.0.0 and more Source cves: CVE-2020-7645 Source advisory: SNYK:JS-CHROMELAUNCHER-537575...