2 matches found
CVE-2020-7628
The CVE-2020-7628 entry exposes a Command Injection flaw in the Node.js package umount up to version 1.1.6, where the user-supplied device argument is passed to an exec call without sanitization. Exploitation could allow an attacker to execute arbitrary code on the host. Public reports (Snyk advi...
CVE-2020-7629
CVE-2020-7629 affects install-package up to version 0.4.0 and is a Command Injection vulnerability that allows execution of arbitrary commands via the options argument. The issue is documented across multiple sources (NVD/Red Hat/OSV/GHSA/Snyk) with severity ranging from High to Critical (CVSS v3...