We found results for “”
CVE-2020-7677
Good to know:
Date: July 25, 2022
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
Language: JS
Severity Score
Related Resources (11)
Severity Score
Weakness Type (CWE)
OS Command Injections
CWE-78Insufficient Information
NVD-CWE-noinfoTop Fix
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | LOW |
Availability (A): | LOW |