Description
This affects all versions of the package node-import. The "params" argument of the module function can be controlled by users without any sanitization. It is then passed to the "eval" function located at line 79 of the index file "index.js".
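The pattern described above, as a constructed illustration (added here; it is not node-import's code, and `runUnsafe`, `runSafe`, `demo` and the sample params are hypothetical). A value spliced into the string given to `eval` is parsed as code, while the same value passed as a function argument stays data.

```javascript
// Added illustration; not node-import's source. runUnsafe, runSafe and the
// sample params are hypothetical names constructed for this example.

// Vulnerable pattern: each param value is spliced into source text, so the
// value is parsed as code when the string reaches eval().
function runUnsafe(expr, params) {
  let prelude = '';
  for (const key of Object.keys(params)) {
    prelude += 'var ' + key + ' = ' + params[key] + ';\n';
  }
  return eval(prelude + '(' + expr + ')');
}

// Hardened form: names must be plain identifiers and values are passed as
// function arguments, so they stay data and are never parsed.
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

function runSafe(expr, params) {
  const names = Object.keys(params);
  for (const name of names) {
    if (!IDENT.test(name)) throw new TypeError('invalid param name: ' + name);
  }
  // Assumption: expr comes from the trusted module author, not the caller.
  const fn = new Function(...names, '"use strict"; return (' + expr + ');');
  return fn(...names.map((n) => params[n]));
}

// Constructed input: a harmless value that sets a marker only if executed.
function demo() {
  const params = { a: '1', b: "(globalThis.__probe = 'ran', 2)" };
  delete globalThis.__probe;
  const unsafeResult = runUnsafe('a + b', params);
  const unsafeRanCode = globalThis.__probe === 'ran';
  delete globalThis.__probe;
  const safeResult = runSafe('a + b', params);
  const safeRanCode = globalThis.__probe === 'ran';
  return { unsafeResult, unsafeRanCode, safeResult, safeRanCode };
}
```

In the hardened form the marker value is returned as part of a plain string, which is a quick check that a param never reached the parser.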
Remediation
References
https://github.com/mahdaen/node-import/blob/master/index.js#L79
https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
Related Vulnerabilities
CVE-2018-14380 Vulnerability in npm package graylog-web-interface
CVE-2021-23518 Vulnerability in npm package cached-path-relative
CVE-2021-39147 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2023-27563 Vulnerability in npm package n8n
CVE-2016-1000342 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on