• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-78

CVE-2020-7604

February 26, 2023 by

pulverizr through 0.7.0 allows execution of arbitrary commands. Within “lib/job.js”, the variable “filename” can be controlled by the attacker. This function uses the variable “filename” to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.

CVE-2020-7605

February 26, 2023 by

gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of ‘gulp-tape’ options.

CVE-2020-7606

February 26, 2023 by

docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within ‘index.js’ of the package, the function ‘exec(serviceName, cmd, fnStdout, fnStderr, fnExit)’ uses the variable ‘serviceName’ which can be controlled by users without any sanitization.

CVE-2020-7607

February 26, 2023 by

gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument ‘options’ of the exports function in ‘index.js’ can be controlled by users without any sanitization.

CVE-2020-7613

February 26, 2023 by

clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue.

CVE-2020-7614

February 26, 2023 by

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the ‘exec’ function directly.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 79
  • Go to page 80
  • Go to page 81
  • Go to page 82
  • Go to page 83
  • Interim pages omitted …
  • Go to page 342
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE