CVE-2020-7712

CVSS v3.1 7.2 (High)
CVSS v2.0 6.5 (Medium)
EPSS 1.54 % (87th)
Affected Products 5
Advisories 2

This affects the package json before 10.0.0. It is possible to inject arbitrary commands using the parseLookup function.

Weaknesses
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE Status
PUBLISHED
CNA
Snyk
Published Date
2020-08-30 08:15:11
(4 years ago)
Updated Date
2023-11-07 03:26:11
(10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Joyent Json for Node.js prior 10.0.0 version cpe:2.3:a:joyent:json::*:*:*:*:node.js < 10.0.0

Configuration #2

    CPE23 From Up To
  Oracle Commerce Guided Search 11.3.2 cpe:2.3:a:oracle:commerce_guided_search:11.3.2
  Oracle Financial Services Crime And Compliance Management Studio 8.0.8.2.0 cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0
  Oracle Financial Services Crime And Compliance Management Studio 8.0.8.3.0 cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0
  Oracle Financial Services Regulatory Reporting With Agilereporter 8.0.9.6.3 cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.6.3
  Oracle Timesten In-memory Database prior 21.1.1.1.0 version cpe:2.3:a:oracle:timesten_in-memory_database < 21.1.1.1.0