Lucene search
Veracode Vulnerability DatabaseVERACODE:25709HistoryJun 19, 2020 - 3:00 a.m.
Arbitrary Code Injection
2020-06-1903:00:24
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
59.8%
thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval function which would allow an attacker to inject and execute arbitrary code on the system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| thenify | le | 3.3.0 | |
| thenify | le | 3.3.0 | |
| node-thenify:bullseye | eq | 3.3.0-1 | |
| node-thenify:sid | eq | 3.3.0-1 | |
| thenify | le | 3.3.0 | |
| thenify | le | 3.3.0 | |
| node-thenify:bullseye | eq | 3.3.0-1 | |
| node-thenify:sid | eq | 3.3.0-1 |
References
github.com/thenables/thenify/blob/master/index.js%23L17
github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
github.com/thenables/thenify/issues/29
github.com/thenables/thenify/pull/30
lists.debian.org/debian-lts-announce/2022/09/msg00039.html
lists.fedoraproject.org/archives/list/[email protected]/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
lists.fedoraproject.org/archives/list/[email protected]/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/
Related
osv
osv
node-thenify vulnerability
2023-04-13 17:23:24
node-thenify - security update
2022-10-01 00:00:00
CVE-2020-7677
2022-07-25 14:15:10
nvd
nvd
CVE-2020-7677
2022-07-25 14:15:10
prion
prion
Session fixation
2022-07-25 14:15:00
ubuntu
ubuntu
thenify vulnerability
2023-04-13 00:00:00
debian
debian
[SECURITY] [DLA 3128-1] node-thenify security update
2022-09-30 22:55:44
openvas
openvas
Ubuntu: Security Advisory (USN-6016-1)
2023-04-14 00:00:00
Debian: Security Advisory (DLA-3128-1)
2022-10-01 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-18fd476362)
2023-01-22 00:00:00
cve
cve
CVE-2020-7677
2022-07-25 14:15:10
debiancve
debiancve
CVE-2020-7677
2022-07-25 14:15:10
ubuntucve
ubuntucve
CVE-2020-7677
2022-07-25 00:00:00
redhatcve
redhatcve
CVE-2020-7677
2022-09-16 05:13:17
nessus
nessus
Debian DLA-3128-1 : node-thenify - LTS security update
2022-09-30 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS : thenify vulnerability (USN-6016-1)
2023-04-13 00:00:00
Fedora 36 : yarnpkg (2023-18fd476362)
2023-01-21 00:00:00
cvelist
cvelist
CVE-2020-7677 Arbitrary Code Execution
2022-07-25 00:00:00
github
github
thenify before 3.3.1 made use of unsafe calls to `eval`.
2022-07-18 19:15:29
fedora
fedora
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-3.fc36
2023-01-21 03:43:23
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-3.fc37
2023-01-21 03:34:16
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-5.fc37
2023-03-30 01:21:37