Search
Find a vulnerability
Search criteria
2 vulnerabilities found for npm-programmatic by npm-programmatic_project
CVE-2020-7614 (GCVE-0-2020-7614)
Vulnerability from nvd – Published: 2020-04-07 13:21 – Updated: 2024-08-04 09:33
VLAI
Summary
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
Severity
No CVSS data available.
CWE
- Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115 | x_refsource_MISC |
| https://github.com/Manak/npm-programmatic/blob/ma… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | npm-programmatic |
Affected:
All versions including 0.0.12
|
Date Public
2020-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "npm-programmatic",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 0.0.12"
}
]
}
],
"datePublic": "2020-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the \u0027exec\u0027 function directly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T13:21:05.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "npm-programmatic",
"version": {
"version_data": [
{
"version_value": "All versions including 0.0.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the \u0027exec\u0027 function directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"name": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18",
"refsource": "MISC",
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7614",
"datePublished": "2020-04-07T13:21:05.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7614 (GCVE-0-2020-7614)
Vulnerability from cvelistv5 – Published: 2020-04-07 13:21 – Updated: 2024-08-04 09:33
VLAI
Summary
npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.
Severity
No CVSS data available.
CWE
- Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115 | x_refsource_MISC |
| https://github.com/Manak/npm-programmatic/blob/ma… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | npm-programmatic |
Affected:
All versions including 0.0.12
|
Date Public
2020-04-01 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.999Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "npm-programmatic",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions including 0.0.12"
}
]
}
],
"datePublic": "2020-04-01T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the \u0027exec\u0027 function directly."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-07T13:21:05.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "npm-programmatic",
"version": {
"version_data": [
{
"version_value": "All versions including 0.0.12"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the \u0027exec\u0027 function directly."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-NPMPROGRAMMATIC-564115"
},
{
"name": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18",
"refsource": "MISC",
"url": "https://github.com/Manak/npm-programmatic/blob/master/index.js#L18"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7614",
"datePublished": "2020-04-07T13:21:05.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}