Lucene search
Veracode Vulnerability DatabaseVERACODE:25656HistoryJun 11, 2020 - 7:01 a.m.
Arbitrary Code Execution
2020-06-1107:01:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.062
Percentile
93.7%
node-extend is vulnerable to arbitrary code execution. Untrusted user input as argument A to the function(A,B,as,isAargs) in lib/extend.js is passed to the eval function without validation, allowing an attacker to execute arbitrary code.
References
Related
prion
prion
Remote code execution
2020-06-10 16:15:00
nvd
nvd
CVE-2020-7673
2020-06-10 16:15:10
checkpoint_advisories
checkpoint_advisories
Node.js Node Extend Remote Code Execution (CVE-2020-7673)
2020-06-28 00:00:00
debiancve
debiancve
CVE-2020-7673
2020-06-10 16:15:10
cvelist
cvelist
CVE-2020-7673
2020-06-10 15:36:01
osv
osv
Code Injection in node-extend
2021-05-17 21:00:37
cve
cve
CVE-2020-7673
2020-06-10 16:15:10
github
github
Code Injection in node-extend
2021-05-17 21:00:37