CVE-2020-7649
This affects the package snyk-broker before 4.73.0. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal.
Source: CVE-2020-7649
CVE-2020-28445
This affects all versions of package npm-help. The injection point is located in line 13 of the index.js file, in the export.latestVersion() function.
Source: CVE-2020-28445
CVE-2020-28443
This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js.
Source: CVE-2020-28443
CVE-2020-28447
This affects all versions of package xopen. The injection point is located in line 14 of index.js, in the exported function xopen(filepath).
Source: CVE-2020-28447
CVE-2020-28446
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js.
Source: CVE-2020-28446
CVE-2020-28459
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
Source: CVE-2020-28459
CVE-2020-28461
This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Source: CVE-2020-28461
CVE-2020-28462
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
Source: CVE-2020-28462
CVE-2020-28438
This affects all versions of package deferred-exec. The injection point is located in line 42 of lib/deferred-exec.js.
Source: CVE-2020-28438