6 matches found
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)
mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....
Arbitrary Code Execution
mosc is vulnerable to arbitrary code execution. Untrusted user input to the properties argument is passed to the eval function without validation, allowing an attacker to execute arbitrary code...
CVE-2020-7672
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution...
Arbitrary Code Execution
Overview mosc is an a simple inline object model builder for NodeJS A small port exists for client-side javascript. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code executio...
@enexus/ravepay (=1.3.0), @iykedapotential/flw-notifier (=0.0.6) +17 more potentially affected by CVE-2020-7672 via mosc (=1.0.0)
mosc NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mosc and may be impacted: - @enexus/ravepay =1.3.0 - @iykedapotential/flw-notifier =0.0.6 - @legobox/ravepay =1.3.0 - @waptik/ravepay-nodejs =1.2.1-1, =1.0.0, =1.0.0, =1.0.0, =1.0....