CVE-2020-21176 – thinkjs
Package
Manager: npm
Name: thinkjs
Vulnerable Version: >=0 <=3.2.14
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00527 (percentile 0.66142)
Details
SQL Injection in thinkjs
A SQL injection vulnerability in the model.increment and model.decrement functions in ThinkJS 3.2.10 allows remote attackers to execute arbitrary SQL commands via the step parameter.
Metadata
Created: 2021-11-19T20:42:32Z
Modified: 2021-11-19T20:42:27Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/11/GHSA-q5mq-6fjg-4mw8/GHSA-q5mq-6fjg-4mw8.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-q5mq-6fjg-4mw8
Finding: F297
Auto approve: 1