Description
mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to properties argument is executed by the eval function, resulting in code execution.
Recommendation
No fix is available yet. Followings are affected versions:
- <= 1.0.0
References
Related Issues
- Code injection in electerm - CVE-2020-23256
- xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection (GHSA-h4j5-c7cj-74xg) - CVE-2020-28502
- Code Injection in jsen - CVE-2020-7777
- Code Injection in node-rules - CVE-2020-7609
- Tags:
- npm
- mosc
Anything's wrong? Let us know Last updated on February 01, 2023