5 matches found
@csn_chile/fuelgauge (=1.0.1), @csn_chile/ol_ws (=1.0.0) +8 more potentially affected by CVE-2020-7678 via node-import (>=0.1.9 <=0.9.2)
node-import NPM version =0.1.9, =1.0.0, =1.0.0, =0.0.2, =0.1.2, =1.1.2, =1.1.1, =1.4.2 Source cves: CVE-2020-7678 Source advisory: OSV:GHSA-PC62-CQ5X-3J5G...
CVE-2020-7678
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
CVE-2020-7678 Arbitrary Code Execution
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js"...
CVE-2020-7678
node-import is vulnerable to Arbitrary Code Execution: the params argument can be provided by users without sanitization and is passed to eval in index.js (line 79), affecting all versions. A PoC exists demonstrating code execution, and no fixed version is available. Practical remediation is to r...
@csn_chile/fuelgauge (=1.0.1), @csn_chile/ol_ws (=1.0.0) +8 more potentially affected by CVE-2020-7678 via node-import (>=0.1.9 <=0.9.2)
node-import NPM version =0.1.9, =1.0.0, =1.0.0, =0.0.2, =0.1.2, =1.1.2, =1.1.1, =1.4.2 Source cves: CVE-2020-7678 Source advisory: SNYK:JS-NODEIMPORT-571691...