4 matches found
hltc-webapi-master (>=1.0.0 <=1.2.0), verda (>=0.1.0 <=1.2.1) potentially affected by CVE-2020-7784 via ts-process-promises (=1.0.2)
ts-process-promises NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on ts-process-promises and may be impacted: - hltc-webapi-master =1.0.0, =0.1.0, =1.2.1 Source cves: CVE-2020-7784 Source advisory: OSV:GHSA-WW4J-C2RQ-47Q8...
CVE-2020-7784
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:...
CVE-2020-7784 command_injection
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:...
CVE-2020-7784
CVE-2020-7784 affects all versions of the npm package ts-process-promises. The exposed vulnerability is a command-injection flaw located at line 45 of the main entry lib/process-promises.js. A PoC demonstrates exploitation via requiring ts-process-promises and invoking exec (e.g., a.exec("touch J...