Detections
Analytics

CVE-2020-7678

critical

Description

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".

References

https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691

https://github.com/mahdaen/node-import/blob/master/index.js%23L79

Details

Source: Mitre, NVD

Published: 2022-07-25

Updated: 2022-08-01

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical