CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7604

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.4%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122
https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122

Products affected by CVE-2020-7604

Pulverizr Project » Pulverizr » Version: 0.5.0

cpe:2.3:a:pulverizr_project:pulverizr:0.5.0
Pulverizr Project » Pulverizr » Version: 0.5.1

cpe:2.3:a:pulverizr_project:pulverizr:0.5.1
Pulverizr Project » Pulverizr » Version: 0.7.0

cpe:2.3:a:pulverizr_project:pulverizr:0.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7604

Products

Pricing

Contact Us