CVE-2020-7712: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
This affects the package json before 10.0.0. It is possible to inject arbitrary commands via the parseLookup function.
References
- github.com/advisories/GHSA-3c6g-pvg8-gqw2
- github.com/trentm/json/issues/144
- github.com/trentm/json/pull/145
- nvd.nist.gov/vuln/detail/CVE-2020-7712
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-608931
- snyk.io/vuln/SNYK-JS-JSON-597481
- www.oracle.com/security-alerts/cpujul2021.html
- www.oracle.com/security-alerts/cpujan2022.html
- www.oracle.com/security-alerts/cpujul2022.html