CVE-2020-8178 – jison

Package

Manager: npm
Name: jison
Vulnerable Version: <0

Severity

Level: High

CVSS v3.1: N/A

CVSS v4.0: N/A

EPSS: 0.05601 pctl0.89948

Details

Command Injection in jison **Withdrawn:** This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package. See linked hackerone report for more details. Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.

Metadata

Created: 2020-10-08T21:38:51Z
Modified: 2020-10-19T18:55:38Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-vr9x-mm65-2438/GHSA-vr9x-mm65-2438.json
CWE IDs: ["CWE-78"]
Alternative ID: GHSA-vr9x-mm65-2438
Finding: N/A
Auto approve: 0