CVE-2020-7604

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.
References
Link Resource
https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:pulverizr_project:pulverizr:*:*:*:*:*:node.js:*:*

Information

Published : 2020-03-15 10:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-7604

Mitre link : CVE-2020-7604

Products Affected
No products.
CWE