GHSA-ww4j-c2rq-47q8

Suggest an improvement
Source
https://github.com/advisories/GHSA-ww4j-c2rq-47q8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/01/GHSA-ww4j-c2rq-47q8/GHSA-ww4j-c2rq-47q8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ww4j-c2rq-47q8
Aliases
  • CVE-2020-7784
Published
2021-01-13T18:22:28Z
Modified
2023-11-08T04:04:10.336909Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Command injection in ts-process-promises
Details

This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js.

Database specific
{
    "github_reviewed_at": "2021-01-12T23:54:52Z",
    "severity": "CRITICAL",
    "cwe_ids": [
        "CWE-77"
    ],
    "github_reviewed": true,
    "nvd_published_at": "2021-01-08T13:15:00Z"
}
References

Affected packages

npm / ts-process-promises

Package

Name
ts-process-promises
View open source insights on deps.dev
Purl
pkg:npm/ts-process-promises

Affected ranges

Affected versions

1.*

1.0.2