Lucene search
K

4 matches found

NVD
NVD
added 2020/07/29 1:15 p.m.19 views

CVE-2020-7697

This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...

9.8CVSS9.6AI score0.02044EPSS
Exploits1References2
Cvelist
Cvelist
added 2020/07/29 12:40 p.m.17 views

CVE-2020-7697 Command Injection

This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...

9.8CVSS9.6AI score0.02044EPSS
Exploits1References2
CVE
CVE
added 2020/07/29 12:40 p.m.43 views

CVE-2020-7697

The CVE-2020-7697 entry concerns the npm package mock2easy, with a code injection vulnerability exposed via the _data variable in the command path that invokes a server-side curl wrapper. Technical details in connected items show the vulnerable call pattern: require('../server/getJsonByCurl')(moc...

9.8CVSS9.6AI score0.02044EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2020/06/15 7:44 a.m.5 views

dbl (>=0.0.7 <=0.1.12), dbl2 (>=0.5.4 <=0.5.6) +7 more potentially affected by CVE-2020-7697 via mock2easy (>=0.0.20 <=0.0.6)

mock2easy NPM version =0.0.20, =0.0.7, =0.5.4, =1.0.3, =0.4.0, =1.2.0, =0.0.1, =1.0.2, =0.0.1, =0.0.2 Source cves: CVE-2020-7697 Source advisory: SNYK:JS-MOCK2EASY-572312...

9.8CVSS7.2AI score0.02044EPSS
Exploits1
Rows per page
Query Builder