Auto-merge PR#6633

2025-07-30 18:04:30 +00:00 · 2022-07-25 10:12:57 -04:00 · 2022-07-25 10:12:57 -04:00 · c5e798b038
commit c5e798b038
parent fecc61430c dab623d410
1 changed files with 84 additions and 4 deletions
--- a/2020/7xxx/CVE-2020-7677.json
+++ b/2020/7xxx/CVE-2020-7677.json
@ -3,16 +3,96 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2022-07-25T14:03:57.784005Z",
        "ID": "CVE-2020-7677",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Arbitrary Code Execution"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "thenify",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "3.3.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Arbitrary Code Execution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/thenables/thenify/blob/master/index.js%23L17"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects the package thenify before 3.3.1.\n The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.\r\n\r\n\r\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",
+            "baseScore": 8.6,
+            "baseSeverity": "HIGH",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "LOW"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "JHU System Security Lab"
+        }
+    ]
 }