CVE-2020-28464

Command Injection in npm/djv

Identifier

CVE-2020-28464

Package Slug

npm/djv

Vulnerability

Command Injection

Description

By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

Affected Versions

All versions before 2.1.4

Solution

Upgrade to version 2.1.4 or above.

Last Modified

2021-01-08

source