Identifier

CVE-2020-7673

Package Slug

npm/node-extend

Vulnerability

Improper Input Validation

Description

node-extend is vulnerable to Arbitrary Code Execution. User input provided to the argument A of extend function(A, B, as, isAargs) located within lib/extend.js is executed by the eval function, resulting in code execution.

Affected Versions

All versions up to 0.2.0

Solution

Unfortunately, there is no solution available yet.

Last Modified

2020-06-17

source