Skip to content

CVE-2020-7712 (High) detected in json-9.0.6.tgz - autoclosed #13

New issue
New issue
Closed
Closed
CVE-2020-7712 (High) detected in json-9.0.6.tgz - autoclosed#13
Labels
Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Oct 26, 2021

CVE-2020-7712 - High Severity Vulnerability

Vulnerable Library - json-9.0.6.tgz

a 'json' command for massaging and processing JSON on the command line

Library home page: https://registry.npmjs.org/json/-/json-9.0.6.tgz

Dependency Hierarchy:

  • json-9.0.6.tgz (Vulnerable Library)

Found in HEAD commit: 36a9c5d28529109984de6fcc3d0a157d561dac4a

Found in base branch: master

Vulnerability Details

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

Publish Date: 2020-08-30

URL: CVE-2020-7712

CVSS 3 Score Details (7.2)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7712

Release Date: 2020-08-30

Fix Resolution: 10.0.0

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: dependency security vulnerabilitySecurity vulnerability detected by WhiteSource

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions