4 matches found
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), alexa-scripts (>=0.2.0 <=0.3.4) +4 more potentially affected by CVE-2020-7730 via bestzip (>=1.1.3 <=2.1.6)
bestzip NPM version =1.1.3, =0.1.7, =0.2.0, =1.0.0, =1.0.0, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7730 Source advisory: OSV:GHSA-6XV6-JPVW-CX6Q...
CVE-2020-7730
The package bestzip before 2.1.7 are vulnerable to Command Injection via the options param...
CVE-2020-7730
CVE-2020-7730 affects the npm package bestzip prior to version 2.1.7, which is vulnerable to Command Injection via the options parameter. The vulnerability is described across multiple sources (NVD/NVDC, OSV, GitHub advisories, and npm advisories) with a high-severity impact (CVSS v3.1: CRITICAL,...
@adobe/aem-site-template-builder (>=0.1.7 <=0.1.8), vulnerable-js (>=1.0.0 <=1.0.2) potentially affected by CVE-2020-7730 via bestzip (=2.1.6)
bestzip NPM version =2.1.6 is affected by a known vulnerability. The following packages have a transitive dependency on bestzip and may be impacted: - @adobe/aem-site-template-builder =0.1.7, =1.0.0, =1.0.2 Source cves: CVE-2020-7730 Source advisory: SNYK:JS-BESTZIP-609371...