4 matches found
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)
mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....
CVE-2020-7672
CVE-2020-7672 affects the mosc package (mosc through 1.0.0). The vulnerability lies in user input passed to the properties argument, which is executed via eval, leading to arbitrary code execution. In practice, a crafted input can cause code execution in impacted environments (SNYK provides a Pro...
@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)
mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....