Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-8137 Vulnerability in npm package fastify

Description

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.

Remediation

References

https://hackerone.com/reports/772448

Related Vulnerabilities

CVE-2018-1000873 Vulnerability in maven package com.fasterxml.jackson.datatype:jackson-datatype-jsr310

CVE-2019-10805 Vulnerability in npm package valib

CVE-2021-23439 Vulnerability in npm package file-upload-with-preview

CVE-2022-45398 Vulnerability in maven package org.zeroturnaround:cluster-stats

CVE-2023-22899 Vulnerability in maven package net.lingala.zip4j:zip4j

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory