GHSA-6q48-vjq2-mwcj

Source

https://github.com/advisories/GHSA-6q48-vjq2-mwcj

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-6q48-vjq2-mwcj/GHSA-6q48-vjq2-mwcj.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6q48-vjq2-mwcj

Aliases

CVE-2020-7628

Published

2020-06-10T20:28:03Z

Modified

2026-03-13T22:11:36.404978Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Command Injection in umount

Details

All versions of umount are vulnerable to Command Injection. The package fails to sanitize input rules and passes it directly to an exec call on the umount function . This may allow attackers to execute arbitrary code in the system if the device value passed to the function is user-controlled.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Database specific

{
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-10T20:24:03Z",
    "nvd_published_at": "2020-04-02T22:15:00Z"
}

References

Affected packages

npm / umount

Package

Name: umount; View open source insights on deps.dev
Purl: pkg:npm/umount

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

1.1.6

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-6q48-vjq2-mwcj/GHSA-6q48-vjq2-mwcj.json"