Vulnerability Details CVE-2020-7795
The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.7%
CVSS Severity
CVSS v3 Score 7.3
References
- https://github.com/hoperyy/get-npm-package-version/blob/338a5882298eb2c2194538db41166cae13c39e03/index.js%23L17
- https://github.com/hoperyy/get-npm-package-version/commit/40b1cf31a0607ea66f9e30a0c3af1383b52b2dec
- https://security.snyk.io/vuln/SNYK-JS-GETNPMPACKAGEVERSION-1050390
- https://www.npmjs.com/package/get-npm-package-version/v/1.0.6
- https://github.com/hoperyy/get-npm-package-version/blob/338a5882298eb2c2194538db41166cae13c39e03/index.js%23L17
- https://github.com/hoperyy/get-npm-package-version/commit/40b1cf31a0607ea66f9e30a0c3af1383b52b2dec
- https://security.snyk.io/vuln/SNYK-JS-GETNPMPACKAGEVERSION-1050390
- https://www.npmjs.com/package/get-npm-package-version/v/1.0.6
Products affected by CVE-2020-7795
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.0
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.1
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.2
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.3
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.4
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.5
-
cpe:2.3:a:get-npm-package-version_project:get-npm-package-version:1.0.6