cve/2020/CVE-2020-7678.md

### [CVE-2020-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7678)
![](https://img.shields.io/static/v1?label=Product&message=node-import&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen)

### Description

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".

### POC

#### Reference
- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691

#### Github
No PoCs found on GitHub currently.
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2020-7678](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7678)`
			`![](https://img.shields.io/static/v1?label=Product&message=node-import&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3E%3D%200%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=Arbitrary%20Code%20Execution&color=brighgreen)`

			`### Description`

			`This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".`

			`### POC`

			`#### Reference`
			`- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691`
Update CVE sources 2024-06-09 00:33 2024-06-09 00:33:16 +00:00			`- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00
			`#### Github`
			`No PoCs found on GitHub currently.`