CVE-2020-8137 – blamer

Package

Manager: npm
Name: blamer
Vulnerable Version: >=0 <1.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.04715 pctl0.88963

Details

Code injection in blamer Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when the input can be controlled by an attacker.

Metadata

Created: 2021-05-06T18:27:55Z
Modified: 2021-05-04T22:31:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-7vm7-j8p7-h346/GHSA-7vm7-j8p7-h346.json
CWE IDs: ["CWE-94"]
Alternative ID: GHSA-7vm7-j8p7-h346
Finding: F422
Auto approve: 1