CVE-2020-7789

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7789

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7789.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7789

Aliases

GHSA-5fw9-fq32-wv5p
SNYK-JAVA-ORGWEBJARSNPM-1050371
SNYK-JS-NODENOTIFIER-1035794

Related

RHSA-2021:0781

Published

2020-12-11T10:15:12Z

Modified

2024-09-03T03:41:43.943043Z

Severity

5.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator

Summary

[none]

Details

This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.

References

Affected packages

Git / github.com/mikaelbr/node-notifier

Affected ranges

Type: GIT
Repo: https://github.com/mikaelbr/node-notifier
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5d62799dab88505a709cd032653b2320c5813fce