CVE-2020-7604 - OpenCVE

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pulverizr Project	Pulverizr

Configuration 1 [-]

cpe:2.3:a:pulverizr_project:pulverizr:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122

History

No history.

MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2020-03-15T21:28:34

Updated: 2024-08-04T09:33:19.973Z

Reserved: 2020-01-21T00:00:00

Link: CVE-2020-7604

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-03-15T22:15:14.740

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-7604

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "pulverizr", "vendor": "n/a", "versions": [{"status": "affected", "version": "All versions including 0.7.0"}]}], "descriptions": [{"lang": "en", "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."}], "problemTypes": [{"descriptions": [{"description": "Command Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-15T21:28:34", "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "shortName": "snyk"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "report@snyk.io", "ID": "CVE-2020-7604", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "pulverizr", "version": {"version_data": [{"version_value": "All versions including 0.7.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Command Injection"}]}]}, "references": {"reference_data": [{"name": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122", "refsource": "MISC", "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T09:33:19.973Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"}]}]}, "cveMetadata": {"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730", "assignerShortName": "snyk", "cveId": "CVE-2020-7604", "datePublished": "2020-03-15T21:28:34", "dateReserved": "2020-01-21T00:00:00", "dateUpdated": "2024-08-04T09:33:19.973Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pulverizr_project:pulverizr:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "F587F8D3-0FBC-495C-ACDA-24116EFA92C7", "versionEndIncluding": "0.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pulverizr through 0.7.0 allows execution of arbitrary commands. Within \"lib/job.js\", the variable \"filename\" can be controlled by the attacker. This function uses the variable \"filename\" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command."}, {"lang": "es", "value": "pulverizr versiones hasta 0.7.0, permite una ejecuci\u00f3n de comandos arbitraria. Dentro de la librer\u00eda \"lib/job.js\", la variable \"filename\" puede ser controlada por el atacante. Esta funci\u00f3n usa la variable \"filename\" para construir el argumento de la llamada de ejecuci\u00f3n sin ning\u00fan saneamiento. A fin de explotar con \u00e9xito esta vulnerabilidad, un atacante necesitar\u00e1 crear un nuevo archivo con el mismo nombre que el comando de ataque."}], "id": "CVE-2020-7604", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-15T22:15:14.740", "references": [{"source": "report@snyk.io", "tags": ["Exploit", "Third Party Advisory"], "url": "https://snyk.io/vuln/SNYK-JS-PULVERIZR-560122"}], "sourceIdentifier": "report@snyk.io", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}]}