Vulnerability Description
This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
CVSS Score
5.6
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Node-Notifier Project | Node-Notifier | < 8.0.1 |
Related Weaknesses (CWE)
References
- https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303Broken Link
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794Third Party Advisory
- https://github.com/mikaelbr/node-notifier/blob/master/lib/utils.js%23L303Broken Link
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050371Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-NODENOTIFIER-1035794Third Party Advisory
FAQ
What is CVE-2020-7789?
CVE-2020-7789 is a vulnerability with a CVSS score of 5.6 (MEDIUM). This affects the package node-notifier before 9.0.0. It allows an attacker to run arbitrary commands on Linux machines due to the options params not being sanitised when being passed an array.
How severe is CVE-2020-7789?
CVE-2020-7789 has been rated MEDIUM with a CVSS base score of 5.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7789?
Check the references section above for vendor advisories and patch information. Affected products include: Node-Notifier Project Node-Notifier.