CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

EUVD-2019-0337

Malware in sbrugna...

EUVD-2021-1043

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-16491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)

node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...

GHSA-CG42-4WRC-GP47 Code Injection in node-extend

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

Code Injection in node-extend

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

The vulnerability of the eval function in the node-extend programming environment arises from insufficient validation of input data, allowing attackers to execute arbitrary code.

The vulnerability of the eval function in the node-extend framework exists due to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

Arbitrary Code Execution

node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the functionA,B,as,isAargs in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code...

node-extend input validation error vulnerability

node-extend is an extension package for Node.js. An input validation error vulnerability exists in node-extend 0.2.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code...

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

Remote code execution

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

CVE-2020-7673

CVE-2020-7673 affects node-extend up to version 0.2.0. The vulnerability arises in the extend(A,B,as,isAargs) function (lib/extend.js) where user input is passed to eval, enabling Arbitrary Code Execution. Affected: node-extend 0.2.0 and earlier. Impact: potential remote code execution with netwo...

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)

node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...

Arbitrary Code Execution

Overview node-extend is an extend for node.js. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution. PoC var...

@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)

node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +711 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)

node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...

DEBIAN-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

UBUNTU-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...