Lucene search
PRIOn knowledge basePRION:CVE-2020-7677HistoryJul 25, 2022 - 2:15 p.m.
Session fixation
2022-07-2514:15:00
PRIOn knowledge base
www.prio-n.com
8
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
References
github.com/thenables/thenify/blob/master/index.js%23L17
github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
lists.debian.org/debian-lts-announce/2022/09/msg00039.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/
security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317
security.snyk.io/vuln/SNYK-JS-THENIFY-571690
Related
osv
osv
node-thenify - security update
2022-10-01 00:00:00
CVE-2020-7677
2022-07-25 14:15:10
node-thenify vulnerability
2023-04-13 17:23:24
ubuntu
ubuntu
thenify vulnerability
2023-04-13 00:00:00
nvd
nvd
CVE-2020-7677
2022-07-25 14:15:10
veracode
veracode
Arbitrary Code Injection
2020-06-19 03:00:24
openvas
openvas
Ubuntu: Security Advisory (USN-6016-1)
2023-04-14 00:00:00
Debian: Security Advisory (DLA-3128-1)
2022-10-01 00:00:00
Fedora: Security Advisory for yarnpkg (FEDORA-2023-ce8943223c)
2023-01-22 00:00:00
debian
debian
[SECURITY] [DLA 3128-1] node-thenify security update
2022-09-30 22:55:44
ubuntucve
ubuntucve
CVE-2020-7677
2022-07-25 00:00:00
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS : thenify vulnerability (USN-6016-1)
2023-04-13 00:00:00
Debian DLA-3128-1 : node-thenify - LTS security update
2022-09-30 00:00:00
Fedora 36 : yarnpkg (2023-18fd476362)
2023-01-21 00:00:00
redhatcve
redhatcve
CVE-2020-7677
2022-09-16 05:13:17
debiancve
debiancve
CVE-2020-7677
2022-07-25 14:15:10
cve
cve
CVE-2020-7677
2022-07-25 14:15:10
github
github
thenify before 3.3.1 made use of unsafe calls to `eval`.
2022-07-18 19:15:29
cvelist
cvelist
CVE-2020-7677 Arbitrary Code Execution
2022-07-25 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-3.fc37
2023-01-21 03:34:16
[SECURITY] Fedora 36 Update: yarnpkg-1.22.19-3.fc36
2023-01-21 03:43:23
[SECURITY] Fedora 37 Update: yarnpkg-1.22.19-5.fc37
2023-03-30 01:21:37