admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2020/7xxx/CVE-2020-7677.json

117 lines
4.2 KiB
JSON
Raw Normal View History

"-Synchronized-Data."
2020-01-21 23:01:29 +00:00
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2022-07-25T14:03:57.784005Z",
"-Synchronized-Data."
2020-01-21 23:01:29 +00:00
"ID": "CVE-2020-7677",
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
"STATE": "PUBLIC",
"TITLE": "Arbitrary Code Execution"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "thenify",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"-Synchronized-Data."
2022-07-25 15:00:53 +00:00
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690",
"name": "https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690"
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
},
{
"-Synchronized-Data."
2022-07-25 15:00:53 +00:00
"refsource": "MISC",
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317",
"name": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317"
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
},
{
"-Synchronized-Data."
2022-07-25 15:00:53 +00:00
"refsource": "MISC",
"url": "https://github.com/thenables/thenify/blob/master/index.js%23L17",
"name": "https://github.com/thenables/thenify/blob/master/index.js%23L17"
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
},
{
"-Synchronized-Data."
2022-07-25 15:00:53 +00:00
"refsource": "MISC",
"url": "https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a",
"name": "https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a"
"-Synchronized-Data."
2022-10-01 01:00:31 +00:00
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20220930 [SECURITY] [DLA 3128-1] node-thenify security update",
"url": "https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html"
"-Synchronized-Data."
2023-01-21 05:00:40 +00:00
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-ce8943223c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/"
"-Synchronized-Data."
2023-01-21 06:00:38 +00:00
},
{
"refsource": "FEDORA",
"name": "FEDORA-2023-18fd476362",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/"
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
}
]
"-Synchronized-Data."
2020-01-21 23:01:29 +00:00
},
"description": {
"description_data": [
{
"lang": "eng",
"-Synchronized-Data."
2022-07-25 15:00:53 +00:00
"value": "This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization."
"-Synchronized-Data."
2020-01-21 23:01:29 +00:00
}
]
Adds CVE-2020-7677
2022-07-25 15:03:59 +01:00
},
"impact": {
"cvss": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
}
},
"credit": [
{
"lang": "eng",
"value": "JHU System Security Lab"
}
]
"-Synchronized-Data."
2020-01-21 23:01:29 +00:00
}
Reference in New Issue Copy Permalink