CVE-2020-7781

Опубликовано: 16 дек. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:

Ссылки

https://github.com/skoranga/node-connection-tester/pull/10
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337
Exploit
Third Party Advisory
https://github.com/skoranga/node-connection-tester/pull/10
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:connection-tester_project:connection-tester:*:*:*:*:*:node.js:*:*

Версия до 0.2.1 (исключая)

EPSS

Процентиль: 68%

0.0056

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-w5mp-8p8w-mhh8