Adds CVE-2020-7677

2025-07-29 05:56:59 +00:00 · 2022-07-25 15:03:59 +01:00 · 2022-07-25 15:03:59 +01:00 · dab623d410
commit dab623d410
parent d9811deb3b
1 changed files with 84 additions and 4 deletions
--- a/2020/7xxx/CVE-2020-7677.json
+++ b/2020/7xxx/CVE-2020-7677.json
@ -3,16 +3,96 @@
    "data_format": "MITRE",
    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "report@snyk.io",
+        "DATE_PUBLIC": "2022-07-25T14:03:57.784005Z",
        "ID": "CVE-2020-7677",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Arbitrary Code Execution"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "thenify",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_affected": "<",
+                                            "version_value": "3.3.1"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "n/a"
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Arbitrary Code Execution"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "CONFIRM",
+                "url": "https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/thenables/thenify/blob/master/index.js%23L17"
+            },
+            {
+                "refsource": "CONFIRM",
+                "url": "https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "This affects the package thenify before 3.3.1.\n The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.\r\n\r\n\r\n"
            }
        ]
-    }
+    },
+    "impact": {
+        "cvss": {
+            "version": "3.1",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C",
+            "baseScore": 8.6,
+            "baseSeverity": "HIGH",
+            "attackVector": "NETWORK",
+            "attackComplexity": "LOW",
+            "privilegesRequired": "NONE",
+            "userInteraction": "NONE",
+            "scope": "UNCHANGED",
+            "confidentialityImpact": "HIGH",
+            "integrityImpact": "LOW",
+            "availabilityImpact": "LOW"
+        }
+    },
+    "credit": [
+        {
+            "lang": "eng",
+            "value": "JHU System Security Lab"
+        }
+    ]
 }