CVE-2020-7645: OS Command Injection
First published: Sat May 02 2020(Updated: )
All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/chrome-launcher | <0.13.2 | 0.13.2 |
| Google Chrome | <0.13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-7645?
CVE-2020-7645 is considered a medium severity vulnerability due to its potential to allow OS Command Injection.
How do I fix CVE-2020-7645?
To fix CVE-2020-7645, update chrome-launcher to version 0.13.2 or later.
What platforms are affected by CVE-2020-7645?
CVE-2020-7645 affects the chrome-launcher package on Linux operating systems.
What are the potential impacts of CVE-2020-7645?
The potential impacts of CVE-2020-7645 include arbitrary command execution through manipulation of the $HOME environment variable.
Which versions of chrome-launcher are vulnerable to CVE-2020-7645?
All versions of chrome-launcher prior to version 0.13.2 are vulnerable to CVE-2020-7645.
- collector/github-advisory-latest
- alias/GHSA-gp2j-mg4w-2rh5
- alias/CVE-2020-7645
- agent/weakness
- agent/type
- agent/softwarecombine
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- package-manager/npm
- vendor/google
- canonical/google chrome