3 matches found
@servable/server (>=1.0.0 <=1.11.2), dockertools (=1.8.2) +5 more potentially affected by CVE-2020-7785 via node-ps (=0.0.2)
node-ps NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-ps and may be impacted: - @servable/server =1.0.0, =1.0.0, =1.5.1, =0.2.1, =0.0.3, =0.0.4 - servable-publishable =1.1.0 Source cves: CVE-2020-7785 Source advisory:...
CVE-2020-7785
CVE-2020-7785 affects all versions of the package node-ps . The root cause is a command injection vulnerability at the injection point in line 72 of lib/index.js, where untrusted input can reach childProcess.exec. A PoC demonstrates supplying shell metacharacters via psargs (e.g., {psargs:["& tou...
@servable/server (>=1.0.0 <=1.11.2), dockertools (=1.8.2) +5 more potentially affected by CVE-2020-7785 via node-ps (=0.0.2)
node-ps NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on node-ps and may be impacted: - @servable/server =1.0.0, =1.0.0, =1.5.1, =0.2.1, =0.0.3, =0.0.4 - servable-publishable =1.1.0 Source cves: CVE-2020-7785 Source advisory:...