|
199251
|
5.3 |
MEDIUM
Local
|
yargs
|
yargs-parser
|
yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7608
|
2024-11-21 14:37 |
2020-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199252
|
9.8 |
CRITICAL
Network
|
gulp-styledocco_project
|
gulp-styledocco
|
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7607
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199253
|
9.8 |
CRITICAL
Network
|
docker-compose-remote-api_project
|
docker-compose-remote-api
|
docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable '…
|
CWE-78
OS Command
|
CVE-2020-7606
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199254
|
9.8 |
CRITICAL
Network
|
gulp-tape_project
|
gulp-tape
|
gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands as part of 'gulp-tape' options.
|
CWE-78
OS Command
|
CVE-2020-7605
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199255
|
9.8 |
CRITICAL
Network
|
pulverizr_project
|
pulverizr
|
pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct…
|
CWE-78
OS Command
|
CVE-2020-7604
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199256
|
9.8 |
CRITICAL
Network
|
closure-compiler-stream_project
|
closure-compiler-stream
|
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization.
|
CWE-78
OS Command
|
CVE-2020-7603
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199257
|
9.8 |
CRITICAL
Network
|
node-prompt-here_project
|
node-prompt-here
|
node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env…
|
CWE-78
OS Command
|
CVE-2020-7602
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199258
|
9.8 |
CRITICAL
Network
|
gulp-scss-lint_project
|
gulp-scss-lint
|
gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options.
|
CWE-78
OS Command
|
CVE-2020-7601
|
2024-11-21 14:37 |
2020-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199259
|
5.3 |
MEDIUM
Network
|
querymen_project
|
querymen
|
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7600
|
2024-11-21 14:37 |
2020-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
199260
|
5.6 |
MEDIUM
Network
|
substack
opensuse
|
minimist
leap
|
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7598
|
2024-11-21 14:37 |
2020-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
