EUVD-2021-1074

Malware in sbrugna...

dn-middleware-faked (=0.3.1), dn-middleware-mock2easy (>=1.0.3 <=1.0.5) +4 more potentially affected by CVE-2020-7697 via mock2easy (>=0.0.20 <=0.0.24)

mock2easy NPM version =0.0.20, =1.0.3, =1.2.0, =0.0.1, =0.0.2 - wact =1.0.2 Source cves: CVE-2020-7697 Source advisory: OSV:GHSA-G4XJ-WCQ6-QWX5...

GHSA-G4XJ-WCQ6-QWX5 Code injection in mock2easy

This affects all versions up to and including version 0.0.24 of package mock2easy. a malicious user could inject commands through the data variable: Affected Area js require'../server/getJsonByCurl'mock2easy, functionerror, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , ''...

Code injection in mock2easy

This affects all versions up to and including version 0.0.24 of package mock2easy. a malicious user could inject commands through the data variable: Affected Area js require'../server/getJsonByCurl'mock2easy, functionerror, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , ''...

mock2easy Command Injection Vulnerability

mock2easy is a tool that supports interface automation testing, interface address redirection and other features. A command injection vulnerability exists in mock2easy. The vulnerability arises when a network system or product lacks proper validation of user input during the process of constructi...

CVE-2020-7697

This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...

Design/Logic Flaw

This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...

CVE-2020-7697

The CVE-2020-7697 entry concerns the npm package mock2easy, with a code injection vulnerability exposed via the _data variable in the command path that invokes a server-side curl wrapper. Technical details in connected items show the vulnerable call pattern: require('../server/getJsonByCurl')(moc...

CVE-2020-7697 Command Injection

This affects all versions of package mock2easy. a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '', data.interfaceUrl, query,...

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection a malicious user could inject commands through the data variable: Affected Area require'../server/getJsonByCurl'mock2easy, function error, stdout if error return res.json500, error; res.jsonJSON.parsestdout; , '',...

dbl (>=0.0.7 <=0.1.12), dbl2 (>=0.5.4 <=0.5.6) +7 more potentially affected by CVE-2020-7697 via mock2easy (>=0.0.20 <=0.0.6)

mock2easy NPM version =0.0.20, =0.0.7, =0.5.4, =1.0.3, =0.4.0, =1.2.0, =0.0.1, =1.0.2, =0.0.1, =0.0.2 Source cves: CVE-2020-7697 Source advisory: SNYK:JS-MOCK2EASY-572312...

Remote Code Execution (RCE)

mock2easy is vulnerable to remote code execution RCE. A malicious user can inject and execute arbitrary code due to the lack of sanitization of user input before executing the eval function...