First published: Sun Mar 15 2020(Updated: )
Node.js dot package could allow a remote attacker to execute arbitrary code on the system, caused by a flaw in the Function(). By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Dot Project Dot | =1.1.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-8141 is a vulnerability in the dot package v1.1.2 of Node.js that allows a remote attacker to execute arbitrary code on the system.
The vulnerability in dot package v1.1.2 is caused by a flaw in the Function() function, which can be exploited by an attacker sending a specially crafted request to execute arbitrary code on the system.
The severity of CVE-2020-8141 is critical with a severity value of 9.8.
The affected software version is dot package v1.1.2 of Node.js.
To fix the CVE-2020-8141 vulnerability, update the dot package of Node.js to a version that does not have this vulnerability.