Vulnerability-Lookup

CNVD-2020-21082

Vulnerability from cnvd - Published: 2020-04-02

Title

pulverizr注入漏洞

Description

pulverizr是一款图片压缩器。 pulverizr 0.7.0及之前版本存在安全漏洞，该漏洞源于未能对‘filename’参数进行任何清理，函数便直接使用了该参数。攻击者可利用该漏洞执行任意命令。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法：

https://www.npmjs.com/package/pulverizr

Reference

https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122 https://nvd.nist.gov/vuln/detail/CVE-2020-7604

Impacted products

Name
pulverizr pulverizr <=0.7.0

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7604"
    }
  },
  "description": "pulverizr\u662f\u4e00\u6b3e\u56fe\u7247\u538b\u7f29\u5668\u3002\n\npulverizr 0.7.0\u53ca\u4e4b\u524d\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u5bf9\u2018filename\u2019\u53c2\u6570\u8fdb\u884c\u4efb\u4f55\u6e05\u7406\uff0c\u51fd\u6570\u4fbf\u76f4\u63a5\u4f7f\u7528\u4e86\u8be5\u53c2\u6570\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\n\r\nhttps://www.npmjs.com/package/pulverizr",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-21082",
  "openTime": "2020-04-02",
  "products": {
    "product": "pulverizr pulverizr \u003c=0.7.0"
  },
  "referenceLink": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7604",
  "serverity": "\u9ad8",
  "submitTime": "2020-03-17",
  "title": "pulverizr\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-7604 (GCVE-0-2020-7604)

Vulnerability from cvelistv5 – Published: 2020-03-15 21:28 – Updated: 2024-08-04 09:33

Summary

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.

Severity ?

No CVSS data available.

CWE

Command Injection

Assigner

snyk

References

URL

Tags

https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	pulverizr	Affected: All versions including 0.7.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.973Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "pulverizr",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "All versions including 0.7.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-15T21:28:34",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2020-7604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "pulverizr",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions including 0.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-7604",
    "datePublished": "2020-03-15T21:28:34",
    "dateReserved": "2020-01-21T00:00:00",
    "dateUpdated": "2024-08-04T09:33:19.973Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-21082

CVE-2020-7604 (GCVE-0-2020-7604)

Tags

Sightings

Nomenclature