4 matches found
CVE-2020-7697
This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...
CVE-2020-7697 Command Injection
This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...
CVE-2020-7697
The CVE-2020-7697 entry concerns the npm package mock2easy, with a code injection vulnerability exposed via the _data variable in the command path that invokes a server-side curl wrapper. Technical details in connected items show the vulnerable call pattern: require('../server/getJsonByCurl')(moc...
dbl (>=0.0.7 <=0.1.12), dbl2 (>=0.5.4 <=0.5.6) +7 more potentially affected by CVE-2020-7697 via mock2easy (>=0.0.20 <=0.0.6)
mock2easy NPM version =0.0.20, =0.0.7, =0.5.4, =1.0.3, =0.4.0, =1.2.0, =0.0.1, =1.0.2, =0.0.1, =0.0.2 Source cves: CVE-2020-7697 Source advisory: SNYK:JS-MOCK2EASY-572312...