2 matches found
0.extends.wechat (>=1.0.51 <=1.0.65), @berkozturk/npm_project_generator (=1.0.0) +113 more potentially affected by CVE-2020-7614 via npm-programmatic (>=0.0.10 <=0.0.12)
npm-programmatic NPM version =0.0.10, =1.0.51, =0.0.2, =0.0.1-dev-preview-19, =0.1.0, =0.2.0, =1.0.0, =0.0.1-rc.1, =0.0.1, =1.0.0, =4.0.0, =0.0.2, =0.0.2, =0.0.3-alpha.18 and more Source cves: CVE-2020-7614 Source advisory: OSV:GHSA-426H-24VJ-QWXF...
CVE-2020-7614
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly...