TROYANOSYVIRUS
Volver a CVEs

CVE-2020-7677

HIGH
8.6

Descripcion

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

Detalles CVE

Puntuacion CVSS v3.18.6
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/25/2022
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0

Productos afectados

debian:debian_linuxfedoraproject:fedorathenify_project:thenify

Referencias

https://github.com/thenables/thenify/blob/master/index.js%23L17(report@snyk.io)
https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a(report@snyk.io)
https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html(report@snyk.io)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/(report@snyk.io)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/(report@snyk.io)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317(report@snyk.io)
https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690(report@snyk.io)
https://github.com/thenables/thenify/blob/master/index.js%23L17(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/(af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317(af854a3a-2127-422b-91ae-364da2661108)
https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.