GHSA-3c6g-pvg8-gqw2

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-3c6g-pvg8-gqw2/GHSA-3c6g-pvg8-gqw2.json
Aliases
  • CVE-2020-7712
Published
2021-05-06T18:11:21Z
Modified
2023-03-14T05:43:47.984759Z
Details

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

References

Affected packages

npm / json

json

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
10.0.0

Affected versions

Maven / org.webjars.npm:json

org.webjars.npm:json

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0
Last affected
9.0.6

Affected versions

9.*

9.0.6