CVE-2020-7678

node-import `params` argument can be controlled by users without any sanitization in npm/node-import

Identifiers

GHSA-pc62-cq5x-3j5g, CVE-2020-7678

Package Slug

npm/node-import

Vulnerability

node-import params argument can be controlled by users without any sanitization

Description

This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".

Affected Versions

All versions up to 0.9.2

Solution

Unfortunately, there is no solution available yet.

Last Modified

2022-08-09

source