CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 2CVE-2020-7677 – Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. Esto afecta al paquete thenify antes de la versión 3.3.1. El argumento del nombre proporcionado al paquete puede ser controlado por los usuarios sin ningún tipo de sanitización, y este es proporcionado a la función eval sin ninguna sanitización • https://github.com/thenables/thenify/blob/master/index.js%23L17 https://github.com/thenables/thenify/commit/0d94a24eb933bc835d568f3009f4d269c4c4c17a https://lists.debian.org/debian-lts-announce/2022/09/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-572317 https://secu •