Vulnerability Description
npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
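The concatenation pattern described above, modelled beside a hardened form, as an added example that is not npm-programmatic's own code. The function names, the `save` and `global` options, and the sample inputs are assumptions constructed for illustration.

```javascript
// Models the pattern the advisory describes: caller-supplied values are
// joined into one string that is later handed to a shell via exec().
// (Hypothetical function, not the library's source.)
function buildCommandUnsafe(packages, opts = {}) {
  let cmd = 'npm install ' + packages.join(' ');
  if (opts.save) cmd += ' --save';
  return cmd; // a shell would interpret ; | & $() ` inside this string
}

// Package spec: optional @scope/, name, optional @version-or-tag.
// The first character may not be '-', so a value cannot pose as an npm option.
const PKG_SPEC =
  /^(?:@[a-z0-9~][a-z0-9._~-]*\/)?[a-z0-9~][a-z0-9._~-]*(?:@[\^~]?[\w.+-]+)?$/;

// Hardened form: validate every value, then return an argument vector meant
// for child_process.execFile('npm', argv), which starts no shell.
function buildArgvSafe(packages, opts = {}) {
  if (!Array.isArray(packages) || packages.length === 0) {
    throw new TypeError('packages must be a non-empty array');
  }
  for (const p of packages) {
    if (typeof p !== 'string' || !PKG_SPEC.test(p)) {
      throw new Error('rejected package spec: ' + JSON.stringify(p));
    }
  }
  const argv = ['install'];
  // Flags are emitted from fixed literals only, never from caller strings.
  if (opts.save === true) argv.push('--save');
  if (opts.global === true) argv.push('--global');
  return argv.concat('--', packages); // '--' marks the end of options
}

// Constructed sample inputs.
const benign = ['left-pad@1.3.0', '@types/node'];
const hostile = ['left-pad; echo INJECTED'];
const optionLike = ['--global'];

function isRejected(packages) {
  try { buildArgvSafe(packages); return false; } catch (e) { return true; }
}
```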
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Npm-Programmatic Project | Npm-Programmatic | <= 0.0.12 |
Related Weaknesses (CWE)
References
- https://github.com/Manak/npm-programmatic/blob/master/index.js#L18 (Patch, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-7614?
CVE-2020-7614 is a vulnerability with a CVSS score of 9.8 (CRITICAL). npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
How severe is CVE-2020-7614?
CVE-2020-7614 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7614?
Check the references section above for vendor advisories and patch information. Affected products include: Npm-Programmatic Project Npm-Programmatic.