This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
References
Configurations
History
23 Feb 2023, 16:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
|
References |
|
01 Aug 2022, 17:22
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-noinfo | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CPE | cpe:2.3:a:thenify_project:thenify:*:*:*:*:*:node.js:*:* | |
References | (CONFIRM) https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a - Patch, Third Party Advisory | |
References | (CONFIRM) https://github.com/thenables/thenify/blob/master/index.js%23L17 - Broken Link, Third Party Advisory | |
References | (CONFIRM) https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317 - Exploit, Third Party Advisory | |
References | (CONFIRM) https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690 - Exploit, Third Party Advisory |
25 Jul 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-07-25 14:15
Updated : 2024-02-04 22:51
NVD link : CVE-2020-7677
Mitre link : CVE-2020-7677
CVE.ORG link : CVE-2020-7677
JSON object : View
Products Affected
thenify_project
- thenify
debian
- debian_linux
fedoraproject
- fedora
CWE