CVE-2020-7601

Summary

gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.

Affected Software

VendorProductVersion RangeStatus
n/agulp-scss-lintAll versions including 1.0.0affected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References