CVE-2020-7712

Published: Aug 30, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

Affected (6)

Products: Joyent: Json · Oracle: Commerce Guided Search, Financial Services Crime And Compliance Management Studio, Financial Services Regulatory Reporting With Agilereporter, Timesten In Memory Database

1 product

4 products

Commerce Guided Search

Financial Services Crime And Compliance Management Studio

Financial Services Regulatory Reporting With Agilereporter

Timesten In Memory Database

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joyent Json	Before 10.0.0

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Oracle Commerce Guided Search	Version 11.3.2
Oracle Financial Services Crime And Compliance Management Studio	Version 8.0.8.2.0
Oracle Financial Services Crime And Compliance Management Studio	Version 8.0.8.3.0
Oracle Financial Services Regulatory Reporting With Agilereporter	Version 8.0.9.6.3
Oracle Timesten In Memory Database	Before 21.1.1.1.0

Related CWEs

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (44)

https://github.com/trentm/json/issues/144

Source: report@snyk.io

ExploitThird Party Advisory

https://github.com/trentm/json/pull/145

Source: report@snyk.io

PatchThird Party Advisory

https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da%40%3Cissues.flink.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da%40%3Cdev.flink.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2%40%3Cissues.flink.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0%40%3Cissues.flink.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d%40%3Cissues.flink.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E

Source: report@snyk.io

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-608932

Source: report@snyk.io

Broken Link

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-608931

Source: report@snyk.io

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-JSON-597481

Source: report@snyk.io

ExploitThird Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: report@snyk.io

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: report@snyk.io

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: report@snyk.io

PatchThird Party Advisory

https://github.com/trentm/json/issues/144

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://github.com/trentm/json/pull/145

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da%40%3Cissues.flink.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da%40%3Cdev.flink.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2%40%3Cissues.flink.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0%40%3Cissues.flink.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d%40%3Cissues.flink.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E

Source: af854a3a-2127-422b-91ae-364da2661108

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-608932

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-608931

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://snyk.io/vuln/SNYK-JS-JSON-597481

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://www.oracle.com//security-alerts/cpujul2021.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.