EUVD-2021-0917

Malware in sbrugna...

trentm/json vulnerable to command injection

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

GHSA-3C6G-PVG8-GQW2 trentm/json vulnerable to command injection

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

Command Injection

json is vulnerable to command injection. The vulnerability exists because it does not sufficiently filter the lookup string argument to the function parseLookup, allowing an attacker to pass malicious commands through it...

CVE-2020-7712

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

CVE-2020-7712

CVE-2020-7712—Initial public details: the vulnerability in json package prior to 10.0.0 enables arbitrary command injection via parseLookup. Connected data from a Nessus plugin (Oracle Siebel Server <= 22.5) cites the CVE and describes a vulnerability in Siebel CRM (component: Loging/APache Zo...

CVE-2020-7712 Command Injection

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function...

PT-2020-19734 · Json · Json

Name of the Vulnerable Software and Affected Versions: json versions prior to 10.0.0 Description: The issue allows for the injection of arbitrary commands using the parseLookup function. Recommendations: For versions prior to 10.0.0, update to version 10.0.0 or later to resolve the issue. As a...