CVE-2020-7678
8.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L/E:P/RL:U/RC:C
Summary
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | node-import | 0 < unspecified | affected |
Weaknesses
- Arbitrary Code Execution
ADP Enrichment
CVE Program Container
Additional References
- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
- https://github.com/mahdaen/node-import/blob/master/index.js%23L79
References
- https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
- https://github.com/mahdaen/node-import/blob/master/index.js%23L79
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.