Vulnerability Description
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Totaljs | Total.Js | < 3.4.7 |
Related Weaknesses (CWE)
References
- https://github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2cPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-TOTALJS-1046672ExploitPatchThird Party Advisory
- https://github.com/totaljs/framework/commit/6192491ab2631e7c1d317c221f18ea613e2cPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JS-TOTALJS-1046672ExploitPatchThird Party Advisory
FAQ
What is CVE-2020-28494?
CVE-2020-28494 is a vulnerability with a CVSS score of 8.6 (HIGH). This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process...
How severe is CVE-2020-28494?
CVE-2020-28494 has been rated HIGH with a CVSS base score of 8.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-28494?
Check the references section above for vendor advisories and patch information. Affected products include: Totaljs Total.Js.