Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoOGYteHc1di04OTkz
Command Injection in macfromip
All versions of npm package macfromip are affected by a command injection vulnerability. The injection point is located in line 66 in macfromip.js.
Permalink: https://github.com/advisories/GHSA-vh8f-xw5v-8993JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoOGYteHc1di04OTkz
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 3 years ago
Updated: over 1 year ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-vh8f-xw5v-8993, CVE-2020-7786
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-7786
- https://snyk.io/vuln/SNYK-JS-MACFROMIP-1048336
- https://www.npmjs.com/package/macfromip
- https://github.com/advisories/GHSA-vh8f-xw5v-8993
Affected Packages
npm:macfromip
Dependent packages: 5Dependent repositories: 9
Downloads: 119 last month
Affected Version Ranges: <= 1.1.1
No known fixed version
All affected versions: 1.0.0, 1.0.1, 1.1.0, 1.1.1