PT-2020-19658 · Pomelo · Pomelo-Monitor

Published

2020-04-02

Updated

2021-07-21

CVE-2020-7620

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions pomelo-monitor versions prior to 0.3.8

Description The issue allows for Command Injection, enabling the injection of arbitrary commands as part of pomelo-monitor params.

Recommendations For versions prior to 0.3.8, update to version 0.3.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the pomelo-monitor params to minimize the risk of exploitation.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7620

GHSA-4J54-MXF6-WXX2

SNYK-JS-POMELOMONITOR-173695

Affected Products

Pomelo-Monitor

PT-2020-19658 · Pomelo · Pomelo-Monitor

CVE-2020-7620

Weakness Enumeration

Related Identifiers

Affected Products

References · 6