CVE-2020-7789

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7789

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7789.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7789

Aliases

GHSA-5fw9-fq32-wv5p

Downstream

RHSA-2021:0781

Related

SNYK-JAVA-ORGWEBJARSNPM-1050371
SNYK-JS-NODENOTIFIER-1035794

Published

2020-12-11T10:15:12.423Z

Modified

2025-11-19T17:34:07.140586Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

References

Affected packages

Git / github.com/mikaelbr/node-notifier

Affected ranges

Type: GIT
Repo: https://github.com/mikaelbr/node-notifier
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5d62799dab88505a709cd032653b2320c5813fce

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7789.json"