CVE-2020-7672

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

EUVD-2021-1110

Malware in sbrugna...

@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)

mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....

GHSA-J665-RVJ7-2JV9 Code Injection in mosc

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

Arbitrary Code Execution

mosc is vulnerable to arbitrary code execution. Untrusted user input to the properties argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...

mosc input validation error vulnerability

mosc is an inline object model generator. A security vulnerability exists in mosc 1.0.0 and earlier versions, which stems from the 'eval' function executing user input passed to the 'properties' parameter. An attacker can exploit this vulnerability to execute code...

CVE-2020-7672

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

CVE-2020-7672

mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...

CVE-2020-7672

CVE-2020-7672 affects the mosc package (mosc through 1.0.0). The vulnerability lies in user input passed to the properties argument, which is executed via eval, leading to arbitrary code execution. In practice, a crafted input can cause code execution in impacted environments (SNYK provides a Pro...

Arbitrary Code Execution

Overview mosc is an a simple inline object model builder for NodeJS A small port exists for client-side javascript. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code executio...

@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)

mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....