logo

Vulnerability details for CVE-2020-7678 

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the ?eval? function located in line 79 in the index file "index.js".

CVSS Score (Vector) 0 ()
ThreatWorx Rating 4 - Critical
Weakness Types Code Execution, Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Reported By Security Research, Open Source, GitHub
First Reported Jun 15, 2020 by Open Source
Last Updated Sep 30, 2022 by GitHub
NVD Status Published CVE-2020-7678
Affected Products 31 affected product(s) reported by Security Research, Open Source, GitHub
Patches No known patches
Remediations 1 remediation(s) published by Open Source
Latest Reference GitHub
Signup for our Free Tier
ThreatWorx Inc.