cvelist/2020/7xxx/CVE-2020-7678.json

{
    "data_type": "CVE",
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "DATE_PUBLIC": "2022-07-25T14:04:01.659312Z",
        "ID": "CVE-2020-7678",
        "STATE": "PUBLIC",
        "TITLE": "Arbitrary Code Execution"
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "product": {
                        "product_data": [
                            {
                                "product_name": "node-import",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": ">=",
                                            "version_value": "0"
                                        }
                                    ]
                                }
                            }
                        ]
                    },
                    "vendor_name": "n/a"
                }
            ]
        }
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Arbitrary Code Execution"
                    }
                ]
            }
        ]
    },
    "references": {
        "reference_data": [
            {
                "refsource": "MISC",
                "url": "https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691",
                "name": "https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691"
            },
            {
                "refsource": "MISC",
                "url": "https://github.com/mahdaen/node-import/blob/master/index.js%23L79",
                "name": "https://github.com/mahdaen/node-import/blob/master/index.js%23L79"
            }
        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "This affects all versions of package node-import. The \"params\" argument of module function can be controlled by users without any sanitization.b. This is then provided to the \u201ceval\u201d function located in line 79 in the index file \"index.js\"."
            }
        ]
    },
    "impact": {
        "cvss": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "availabilityImpact": "LOW"
        }
    },
    "credit": [
        {
            "lang": "eng",
            "value": "JHU System Security Lab"
        }
    ]
}
"-Synchronized-Data." 2020-01-21 23:01:29 +00:00			`{`
			`"data_type": "CVE",`
			`"data_format": "MITRE",`
			`"data_version": "4.0",`
			`"CVE_data_meta": {`
Adds CVE-2020-7678 2022-07-25 15:04:03 +01:00			`"ASSIGNER": "report@snyk.io",`
			`"DATE_PUBLIC": "2022-07-25T14:04:01.659312Z",`
"-Synchronized-Data." 2020-01-21 23:01:29 +00:00			`"ID": "CVE-2020-7678",`
Adds CVE-2020-7678 2022-07-25 15:04:03 +01:00			`"STATE": "PUBLIC",`
			`"TITLE": "Arbitrary Code Execution"`
			`},`
			`"affects": {`
			`"vendor": {`
			`"vendor_data": [`
			`{`
			`"product": {`
			`"product_data": [`
			`{`
			`"product_name": "node-import",`
			`"version": {`
			`"version_data": [`
			`{`
			`"version_affected": ">=",`
			`"version_value": "0"`
			`}`
			`]`
			`}`
			`}`
			`]`
			`},`
			`"vendor_name": "n/a"`
			`}`
			`]`
			`}`
			`},`
			`"problemtype": {`
			`"problemtype_data": [`
			`{`
			`"description": [`
			`{`
			`"lang": "eng",`
			`"value": "Arbitrary Code Execution"`
			`}`
			`]`
			`}`
			`]`
			`},`
			`"references": {`
			`"reference_data": [`
			`{`
"-Synchronized-Data." 2022-07-25 15:00:53 +00:00			`"refsource": "MISC",`
			`"url": "https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691",`
			`"name": "https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691"`
Adds CVE-2020-7678 2022-07-25 15:04:03 +01:00			`},`
			`{`
"-Synchronized-Data." 2022-07-25 15:00:53 +00:00			`"refsource": "MISC",`
			`"url": "https://github.com/mahdaen/node-import/blob/master/index.js%23L79",`
			`"name": "https://github.com/mahdaen/node-import/blob/master/index.js%23L79"`
Adds CVE-2020-7678 2022-07-25 15:04:03 +01:00			`}`
			`]`
"-Synchronized-Data." 2020-01-21 23:01:29 +00:00			`},`
			`"description": {`
			`"description_data": [`
			`{`
			`"lang": "eng",`
"-Synchronized-Data." 2022-07-25 15:00:53 +00:00			`"value": "This affects all versions of package node-import. The \"params\" argument of module function can be controlled by users without any sanitization.b. This is then provided to the \u201ceval\u201d function located in line 79 in the index file \"index.js\"."`
"-Synchronized-Data." 2020-01-21 23:01:29 +00:00			`}`
			`]`
Adds CVE-2020-7678 2022-07-25 15:04:03 +01:00			`},`
			`"impact": {`
			`"cvss": {`
			`"version": "3.1",`
			`"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",`
			`"baseScore": 8.6,`
			`"baseSeverity": "HIGH",`
			`"attackVector": "NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
			`"scope": "UNCHANGED",`
			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
			`"availabilityImpact": "LOW"`
			`}`
			`},`
			`"credit": [`
			`{`
			`"lang": "eng",`
			`"value": "JHU System Security Lab"`
			`}`
			`]`
"-Synchronized-Data." 2020-01-21 23:01:29 +00:00			`}`