Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-8137 Vulnerability in npm package uppy

Description

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.

Remediation

References

https://hackerone.com/reports/772448

Related Vulnerabilities

CVE-2018-16330 Vulnerability in maven package org.webjars.bower:editor.md

CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2020-8141 Vulnerability in maven package org.webjars.bowergithub.olado:dot

CVE-2021-23470 Vulnerability in npm package putil-merge

CVE-2021-39133 Vulnerability in maven package org.rundeck:rundeck

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory