CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

EUVD-2021-1043

Malware in sbrugna...

EUVD-2019-0337

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2018-16491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

GHSA-CG42-4WRC-GP47 Code Injection in node-extend

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

Code Injection in node-extend

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)

node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...

Arbitrary Code Execution

node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the functionA,B,as,isAargs in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code...

node-extend input validation error vulnerability

node-extend is an extension package for Node.js. An input validation error vulnerability exists in node-extend 0.2.0 and earlier versions, which can be exploited by an attacker to execute arbitrary code...

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

Remote code execution

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

CVE-2020-7673

CVE-2020-7673 affects node-extend up to version 0.2.0. The vulnerability arises in the extend(A,B,as,isAargs) function (lib/extend.js) where user input is passed to eval, enabling Arbitrary Code Execution. Affected: node-extend 0.2.0 and earlier. Impact: potential remote code execution with netwo...

CVE-2020-7673

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution...

@qbunnyteam/superlogin (>=0.0.3 <=0.0.4), @sensu/superlogin (>=1.2.2 <=1.2.6) +16 more potentially affected by CVE-2020-7673 via node-extend (=0.2.0)

node-extend NPM version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-extend and may be impacted: - @qbunnyteam/superlogin =0.0.3, =1.2.2, =0.1.0, =0.1.0, =0.0.0, =0.2.0, =4.1.4, =1.1.0, =1.4.1 and more Source cves: CVE-2020-7673 Source...

Arbitrary Code Execution

Overview node-extend is an extend for node.js. Affected versions of this package are vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend functionA,B,as,isAargs located within lib/extend.js is executed by the eval function, resulting in code execution. PoC var...

3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +712 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)

node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...

@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)

node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...

DEBIAN-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

UBUNTU-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

Prototype Pollution

node-extend is vulnerable to prototype pollution. The merging of the proto property is not prevented and the Utilities function can be tricked into modifying the prototype of "Object" when the structure passed to these function is controlled by an attacker. This would allow adding or modifying...