Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-8137 Vulnerability in npm package fastify

Description

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.

Remediation

References

https://hackerone.com/reports/772448

Related Vulnerabilities

CVE-2020-8158 Vulnerability in npm package typeorm

CVE-2021-41269 Vulnerability in maven package com.cronutils:cron-utils

CVE-2021-23383 Vulnerability in maven package org.webjars.npm:handlebars

CVE-2022-43441 Vulnerability in maven package org.webjars.npm:sqlite3

CVE-2020-15125 Vulnerability in npm package auth0

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory