This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2022-07-25T00:00:00
Updated: 2023-01-21T00:00:00
Reserved: 2020-01-21T00:00:00
Link: CVE-2020-7677
JSON object: View
NVD Information
Status : Modified
Published: 2022-07-25T14:15:10.047
Modified: 2023-11-07T03:26:10.360
Link: CVE-2020-7677
JSON object: View
Redhat Information
No data.
CWE