Vulnerability Details CVE-2020-7682
This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
Products affected by CVE-2020-7682
-
cpe:2.3:a:marked-tree_project:marked-tree:-
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.0
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.1
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.2
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.3
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.4
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.5
-
cpe:2.3:a:marked-tree_project:marked-tree:0.7.6
-
cpe:2.3:a:marked-tree_project:marked-tree:0.8.0
-
cpe:2.3:a:marked-tree_project:marked-tree:0.8.1