CVE-2020-7775 – freediskspace

Package

Manager: npm
Name: freediskspace
Vulnerable Version: >=0 <=1.2.0

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00513 pctl0.65515

Details

Improper neutralization of arguments in freediskspace This affects all versions of package freediskspace. The vulnerability arises out of improper neutralization of arguments in line 71 of freediskspace.js.

Metadata

Created: 2021-04-13T15:16:11Z
Modified: 2021-03-19T23:11:49Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-4gfq-6m28-m5mg/GHSA-4gfq-6m28-m5mg.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-4gfq-6m28-m5mg
Finding: F004
Auto approve: 1