CVSS: 7.2EPSS: 1%CPEs: 6EXPL: 3CVE-2020-7712 – Command Injection
https://notcve.org/view.php?id=CVE-2020-7712
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function. Esto afecta al paquete json versiones anteriores a 10.0.0. Es posible inyectar comandos arbitrarios usando la función parseLookup • https://github.com/trentm/json/issues/144 https://github.com/trentm/json/pull/145 https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •