{"vulnerability": "CVE-2020-2843", "sightings": [{"uuid": "d00358d5-8740-4ca7-ba39-911ab29746aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28430", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/23995", "content": "\u203c CVE-2020-28430 \u203c\n\nAll versions of package nuance-gulp-build-common are vulnerable to Command Injection via the index.js file. PoC: /var a = require(\"nuance-gulp-build-common\") a.run(\"touch JHU\")\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T18:35:13.000000Z"}, {"uuid": "83a754ce-41a8-4c08-8bd4-d2fb0cc4174d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28431", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/23993", "content": "\u203c CVE-2020-28431 \u203c\n\nAll versions of package wc-cmd are vulnerable to Command Injection via the index.js file. PoC: var a =require(\"wc-cmd\"); a(\"touch JHU\")\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T18:35:12.000000Z"}, {"uuid": "dfad6678-733f-41d9-ad90-77bbc7f1660c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28432", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/23988", "content": "\u203c CVE-2020-28432 \u203c\n\nAll versions of package theme-core are vulnerable to Command Injection via the lib/utils.js file, which is required by main entry of the package. PoC: var a =require(\"theme-core\"); a.utils.sh(\"touch JHU\")\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T18:35:07.000000Z"}, {"uuid": "ef35439c-0535-44c0-8da9-1511251246e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20358", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:35:45.000000Z"}, {"uuid": "ea82245b-0bb9-4f56-9bab-fe8d62b3a512", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28438", "type": "seen", "source": "https://t.me/cibsecurity/46927", "content": "\u203c CVE-2020-28438 \u203c\n\nThis affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T18:39:11.000000Z"}, {"uuid": "0a003119-b0b8-4ca1-963c-234a24038483", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28434", "type": "seen", "source": "https://t.me/cibsecurity/47404", "content": "\u203c CVE-2020-28434 \u203c\n\nThis affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:43.000000Z"}, {"uuid": "3f93cfc6-2527-4c62-92d6-12b546c3706b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28437", "type": "seen", "source": "https://t.me/cibsecurity/47403", "content": "\u203c CVE-2020-28437 \u203c\n\nThis affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:42.000000Z"}, {"uuid": "9574f361-fa12-4c86-bdb4-4b031097f915", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28433", "type": "seen", "source": "https://t.me/cibsecurity/47407", "content": "\u203c CVE-2020-28433 \u203c\n\nThis affects all versions of package node-latex-pdf.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:46.000000Z"}, {"uuid": "d37c4087-e308-475a-9b40-d27d205331b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20455", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:25:16.000000Z"}, {"uuid": "8d581773-9421-49dd-b171-03e3e779dd65", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20397", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T21:25:16.000000Z"}, {"uuid": "ff2a57f7-6c7f-486c-ad82-f6713613d745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20415", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:04:33.000000Z"}, {"uuid": "da1d3c12-7ff2-4b6a-8a7e-761d56916972", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20435", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T22:10:44.000000Z"}, {"uuid": "32354c4f-f307-4f89-9f9d-7273867ef731", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28439", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/20378", "content": "\u203c CVE-2020-28439 \u203c\n\nThis affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T20:46:02.000000Z"}]}