CVE-2020-7697 Information
Description
This affects all versions of package mock2easy. A malicious user could inject commands through the _data variable.

Affected Area:

require('../server/getJsonByCurl')(mock2easy, function (error, stdout) {
    if (error) {
        return res.json(500, error);
    }
    res.json(JSON.parse(stdout));
}, '', _data.interfaceUrl, query, _data.cookie, _data.interfaceType);
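A hardened shape for the call in the Affected Area, as an added example that is not mock2easy's code and not part of the original advisory. It assumes getJsonByCurl runs curl with the _data fields; buildCurlArgs, getJsonByCurlSafe, the allowed-method list and the timeout are hypothetical names and choices.

```javascript
// Added example. Assumption: the helper spawns curl with request fields taken
// from _data (the page does not show the body of getJsonByCurl).

// Assumed vulnerable pattern, shown for contrast only and never executed here:
// one concatenated shell string means shell syntax inside any field is parsed.
//   exec('curl "' + _data.interfaceUrl + '" -b "' + _data.cookie + '"', cb);

const ALLOWED_METHODS = new Set(['GET', 'POST']);

// Validate the _data fields and return an argv array for curl.
function buildCurlArgs(_data) {
  let url;
  try {
    url = new URL(String(_data.interfaceUrl));
  } catch (e) {
    throw new Error('interfaceUrl is not a valid URL');
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    throw new Error('only http(s) URLs are allowed');
  }
  const method = String(_data.interfaceType || 'GET').toUpperCase();
  if (!ALLOWED_METHODS.has(method)) {
    throw new Error('unsupported interfaceType');
  }
  const args = ['--silent', '--max-time', '10', '--request', method];
  if (_data.cookie) {
    const cookie = String(_data.cookie);
    if (/[\r\n]/.test(cookie)) throw new Error('cookie contains a line break');
    // Sent as a header: curl's --cookie treats a value without "=" as a file name.
    args.push('--header', 'Cookie: ' + cookie);
  }
  args.push(url.href); // always starts with http:// or https://, never "-"
  return args;
}

function getJsonByCurlSafe(_data, callback) {
  // Loaded here so buildCurlArgs can be exercised without spawning a process.
  const { execFile } = require('node:child_process');
  // execFile hands argv straight to curl; no shell ever parses the values.
  execFile('curl', buildCurlArgs(_data), (error, stdout) => {
    if (error) return callback(error);
    try { callback(null, JSON.parse(stdout)); } catch (e) { callback(e); }
  });
}
```

Shell metacharacters in a field stay inside a single argument, and fields that fail validation are rejected before any process is started.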
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://snyk.io/vuln/SNYK-JS-MOCK2EASY-572312
https://www.npmjs.com/package/mock2easy
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
9.8
Base Severity
HIGH