CVE-2020-7614
N/A
N/A
Summary
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | npm-programmatic | All versions including 0.0.12 | affected |
Weaknesses
- Command Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115
- https://github.com/Manak/npm-programmatic/blob/master/index.js#L18
References
- https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115
- https://github.com/Manak/npm-programmatic/blob/master/index.js#L18
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.