Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-8137 Vulnerability in npm package uppy

Description

Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.

Remediation

References

https://hackerone.com/reports/772448

Related Vulnerabilities

CVE-2018-16487 Vulnerability in npm package lodash._basemerge

CVE-2023-33725 Vulnerability in maven package org.broadleafcommerce:broadleaf

CVE-2020-7642 Vulnerability in maven package org.webjars.bowergithub.afarkas:lazysizes

CVE-2020-36649 Vulnerability in maven package org.webjars.bowergithub.mholt:papaparse

CVE-2022-36010 Vulnerability in npm package react-editable-json-tree

Severity

Critical

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory