CVE-2020-7712
published 2020-08-30CVE-2020-7712: This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joyent | json | < 10.0.0 | 10.0.0 |
| joyent | json | >= 0 < 10.0.0 | 10.0.0 |
| joyent | json | >= unspecified < 10.0.0 | 10.0.0 |
| oracle | commerce_guided_search | — | — |
| oracle | financial_services_crime_and_compliance_management_studio | — | — |
| oracle | financial_services_crime_and_compliance_management_studio | — | — |
| oracle | financial_services_regulatory_reporting_with_agilereporter | — | — |
| oracle | timesten_in-memory_database | < 21.1.1.1.0 | 21.1.1.1.0 |