|
198001
|
7.8 |
HIGH
Local
|
fsa_project
|
fsa
|
fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', located within 'lib/rep.js#63' can be controlled by users without any sanitization to inject arbitrary …
|
CWE-78
OS Command
|
CVE-2020-7615
|
2024-11-21 14:37 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198002
|
9.8 |
CRITICAL
Network
|
npm-programmatic_project
|
npm-programmatic
|
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
|
CWE-20
CWE-78
Improper Input Validation
OS Command
|
CVE-2020-7614
|
2024-11-21 14:37 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198003
|
8.1 |
HIGH
Network
|
clamscan_project
|
clamscan
|
clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that t…
|
CWE-78
OS Command
|
CVE-2020-7613
|
2024-11-21 14:37 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198004
|
9.8 |
CRITICAL
Network
|
jooby
|
jooby
|
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused fo…
|
NVD-CWE-Other
|
CVE-2020-7622
|
2024-11-21 14:37 |
2020-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198005
|
5.3 |
MEDIUM
Network
|
dot_project
|
dot
|
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7639
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198006
|
5.3 |
MEDIUM
Network
|
confinit_project
|
confinit
|
confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7638
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198007
|
5.3 |
MEDIUM
Network
|
class-transformer_project
|
class-transformer
|
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a __pr…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2020-7637
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198008
|
9.8 |
CRITICAL
Network
|
adb-driver_project
|
adb-driver
|
adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.
|
CWE-78
OS Command
|
CVE-2020-7636
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198009
|
9.8 |
CRITICAL
Network
|
compass-compile_project
|
compass-compile
|
compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument.
|
CWE-78
OS Command
|
CVE-2020-7635
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
198010
|
9.8 |
CRITICAL
Network
|
heroku-addonpool_project
|
heroku-addonpool
|
heroku-addonpool through 0.1.15 is vulnerable to Command Injection.
|
CWE-78
OS Command
|
CVE-2020-7634
|
2024-11-21 14:37 |
2020-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
