First published: Mon Jul 25 2022(Updated: )
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Thenify Project Thenify | <3.3.1 | |
Debian Debian Linux | =10.0 | |
Fedoraproject Fedora | =36 | |
Fedoraproject Fedora | =37 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.