CVE-2020-7677
CVE-2020-7677 affects the node-thenify package before 3.3.1; the name argument is user-controlled and passed to eval without sanitization, enabling arbitrary code execution. Remediation: upgrade to 3.3.1 or newer (Debian LTS indicates fixed in 3.3.0-1+deb10u1).