CVE-2020-7697: Command Injection
First published: Wed Jul 29 2020(Updated: )
This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType);
Credit: report@snyk.io report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mock2easy Project Mock2easy |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-7697?
The severity of CVE-2020-7697 is critical with a CVSS score of 9.8.
How do I fix CVE-2020-7697?
To fix CVE-2020-7697, upgrade to a version higher than 0.0.24 of the mock2easy package.
Which versions of mock2easy are affected by CVE-2020-7697?
All versions up to and including 0.0.24 of the mock2easy package are affected by CVE-2020-7697.
What is the affected area of CVE-2020-7697?
The affected area of CVE-2020-7697 is the `_data` variable in the mock2easy package.
Where can I find more information about CVE-2020-7697?
You can find more information about CVE-2020-7697 in the following references: [link1], [link2], [link3].
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/github-advisory
- alias/GHSA-g4xj-wcq6-qwx5
- alias/CVE-2020-7697
- collector/nvd-cve
- collector/nvd-index
- package-manager/npm
- vendor/mock2easy project
- canonical/mock2easy project mock2easy