2443 matches found
Arbitrary Code Execution
Overview thenify is a Promisify a callback-based function using any-promise. Affected versions of this package are vulnerable to Arbitrary Code Execution. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function witho...
Arbitrary Code Execution
Overview node-import is a package that imports dependencies and run it directly or concatenate them and exports to file. Affected versions of this package are vulnerable to Arbitrary Code Execution. The "params" argument of module function can be controlled by users without any sanitization.b. Th...
Arbitrary Code Execution
mosc is vulnerable to arbitrary code execution. Untrusted user input to the properties argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Arbitrary Code Execution
node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the functionA,B,as,isAargs in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
Access-Policy Code Execution Vulnerability
access-policy is an access policy encoder/parser. A security vulnerability exists in access-policy 3.1.0 and earlier versions, which originates when user input provided to the 'template' function is executed by the 'eval' function. An attacker could exploit this vulnerability to execute code...
cd-messenger input validation error vulnerability
cd-messenger is a console and file recorder with Gulp automated build tool support by American software developer Mike Erickson. An input validation error vulnerability exists in cd-messenger 2.7.26 and earlier versions, which stems from the 'eval' function executing user input passed to the...
CVE-2020-7673
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2020-7674
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
CVE-2020-7675
cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the color argument executed by the eval function resulting in code execution...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
Remote code execution
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
Remote code execution
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the template function is executed by the eval function resulting in code execution...
Remote code execution
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7673
node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...
CVE-2020-7673
CVE-2020-7673 affects node-extend up to version 0.2.0. The vulnerability arises in the extend(A,B,as,isAargs) function (lib/extend.js) where user input is passed to eval, enabling Arbitrary Code Execution. Affected: node-extend 0.2.0 and earlier. Impact: potential remote code execution with netwo...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
CVE-2020-7672
CVE-2020-7672 affects the mosc package (mosc through 1.0.0). The vulnerability lies in user input passed to the properties argument, which is executed via eval, leading to arbitrary code execution. In practice, a crafted input can cause code execution in impacted environments (SNYK provides a Pro...