CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7697

This affects all versions of package mock2easy. a malicious user could inject commands through the _data variable: Affected Area require('../server/getJsonByCurl')(mock2easy, function (error, stdout) { if (error) { return res.json(500, error); } res.json(JSON.parse(stdout)); }, '', _data.interfaceUrl, query, _data.cookie,_data.interfaceType);

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.1%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312
https://www.npmjs.com/package/mock2easy
https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312
https://www.npmjs.com/package/mock2easy

Products affected by CVE-2020-7697

Mock2easy Project » Mock2easy » Version: N/A

cpe:2.3:a:mock2easy_project:mock2easy:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7697

Products

Pricing

Contact Us