Pulverizr Project

pulverizr_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Pulverizr

pulverizr

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-7604 1Pulverizr Project 1Pulverizr Nov 21, 2024 Mar 15, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the...Show more pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2020-7604

1Pulverizr Project

1Pulverizr

Nov 21, 2024

Mar 15, 2020

N/A· v4

9.8 CRITICAL· v3

7.5 HIGH· v2

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.Show less