HIGH🇬🇧 English

CVE-2020-7712

CVSS 7.2v3.1pub. 2020-08-30upd. 2024-11-21

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Joyent Json

    APP
    Joyent
    < 10.0.0
  • Oracle Commerce Guided Search

    APP
    Oracle
    11.3.2
  • Oracle Financial Services Crime And Compliance Management Studio

    APP
    Oracle
    8.0.8.2.08.0.8.3.0
  • Oracle Financial Services Regulatory Reporting With Agilereporter

    APP
    Oracle
    8.0.9.6.3
  • Oracle Timesten In Memory Database

    APP
    Oracle
    < 21.1.1.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2022-22947CRITICAL10.0⚠ KEVten sam produkt

In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection ...

CVE-2018-1273CRITICAL9.8⚠ KEVten sam produkt

Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain ...

CVE-2022-22978CRITICAL9.8ten sam produkt

In spring security versions prior to 5.4.11+, 5.5.7+ , 5.6.4+ and older unsupported versions, RegexRequestMatc...

CVE-2021-41303CRITICAL9.8ten sam produkt

Apache Shiro before 1.8.0, when using Apache Shiro with Spring Boot, a specially crafted HTTP request may caus...

CVE-2019-12419CRITICAL9.8ten sam produkt

Apache CXF before 3.3.4 and 3.2.11 provides all of the components that are required to build a fully fledged O...