CVE-2020-7640

Опубликовано: 27 апр. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create function can be controlled by users without any sanitization.

Ссылки

https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8%2C
https://snyk.io/vuln/SNYK-JS-PIXLCLASS-564968
Patch
Third Party Advisory
https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8
Patch
Third Party Advisory
https://github.com/jhuckaby/pixl-class/commit/47677a3638e3583e42f3a05cc7f0b30293d2acc8%2C
https://snyk.io/vuln/SNYK-JS-PIXLCLASS-564968
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pixlcore:pixl-class:*:*:*:*:*:node.js:*:*

Версия до 1.0.3 (исключая)

EPSS

Процентиль: 70%

0.00646

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-vm5j-vqr6-v7v8