CVE-2020-7673

Summary

node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A,B,as,isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution.

Affected Software

VendorProductVersion RangeStatus
n/anode-extendAll versions including 0.2.0affected

Weaknesses

  • Arbitrary Code Execution

ADP Enrichment

CVE Program Container

Additional References

References