GHSA-3c6g-pvg8-gqw2

Source
https://github.com/advisories/GHSA-3c6g-pvg8-gqw2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-3c6g-pvg8-gqw2/GHSA-3c6g-pvg8-gqw2.json
Aliases
  • CVE-2020-7712
  • SNYK-JAVA-ORGWEBJARS-608932
  • SNYK-JAVA-ORGWEBJARSNPM-608931
  • SNYK-JS-JSON-597481
Published
2021-05-06T18:11:21Z
Modified
2024-02-16T08:24:46.669415Z
Details

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

References

Affected packages

npm / json

Package

Name
json

Affected ranges

Type
SEMVER
Events
Introduced
0The exact introduced commit is unknown
Fixed
10.0.0

Maven / org.webjars.npm:json

Package

Name
org.webjars.npm:json

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0The exact introduced commit is unknown
Last affected
9.0.6

Affected versions

9.*

9.0.6