PT-2020-19668 · Mpv · Node-Mpv

Published

2020-04-06

·

Updated

2022-01-07

·

CVE-2020-7632

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions node-mpv versions 1.4.3 and earlier
Description The issue allows execution of arbitrary commands via the options argument, enabling command injection.
Recommendations For node-mpv versions 1.4.3 and earlier, consider restricting the use of the options argument until a patch is available.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-7632
GHSA-CQR2-XHG6-P268
SNYK-JS-NODEMPV-564426

Affected Products

Node-Mpv