CVE-2020-7677

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in maven/org.webjars.npm/thenify

Identifiers

GHSA-29xr-v42j-r956, CVE-2020-7677

Package Slug

maven/org.webjars.npm/thenify

Vulnerability

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Description

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

Affected Versions

All versions before 3.3.1

Solution

Upgrade to version 3.3.1 or above.

Last Modified

2022-07-26

source