Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-7682 Vulnerability in npm package marked-tree

Description

This affects all versions of package marked-tree. There is no path sanitization in the path provided at fs.readFile in index.js.

Remediation

References

https://snyk.io/vuln/SNYK-JS-MARKEDTREE-590121

Related Vulnerabilities

CVE-2021-21351 Vulnerability in maven package com.thoughtworks.xstream:xstream

CVE-2018-16487 Vulnerability in npm package lodash.mergewith

CVE-2020-12827 Vulnerability in maven package org.webjars.npm:mjml

CVE-2020-6449 Vulnerability in maven package org.webjars.npm:electron

CVE-2020-36518 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind

Severity

High

Classification

CWE-22 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory