thenify is vulnerable to arbitrary code execution. Untrusted user input is passed to the eval
function, which allows an attacker to inject and execute arbitrary code on the system.
Name | Operator | Version |
---|---|---|
thenify | le | 3.3.0 |
node-thenify:bullseye | eq | 3.3.0-1 |
node-thenify:sid | eq | 3.3.0-1 |
github.com/thenables/thenify/blob/master/index.js%23L17
github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a
github.com/thenables/thenify/issues/29
github.com/thenables/thenify/pull/30
lists.debian.org/debian-lts-announce/2022/09/msg00039.html
lists.fedoraproject.org/archives/list/[email protected]/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/
lists.fedoraproject.org/archives/list/[email protected]/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/