CVEs-PoC/2020/CVE-2020-7677.md at b0e96c877abb080d7cf221c036336480ff266ccf

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-05-09 23:27:33 +02:00

Files

T

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

POC

Reference

https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317
https://security.snyk.io/vuln/SNYK-JS-THENIFY-571690

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Live-Hack-CVE/CVE-2020-7677

840 B Raw Blame History

CVE-2020-7677

Description

POC

Reference

Github

840 B

Raw Blame History