PT-2020-19669 · IBM · apiconnect-cli-plugins

Published 2020-04-06 · Updated 2021-07-21 · CVE-2020-7633

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: apiconnect-cli-plugins versions 6.0.1 and earlier
Description: The vulnerability allows execution of arbitrary OS commands via the pluginUri argument of the installPlugin(pluginUri, registryUri) function in lib/plugin-loader.js. The value of pluginUri is used to build an OS command without being validated, so a caller who controls that argument can inject additional shell commands. The estimated number of potentially affected devices worldwide is not specified.
Recommendations: For apiconnect-cli-plugins versions 6.0.1 and earlier, consider disabling the installPlugin() function until a patched version is available. Where that is not possible, restrict which users and which inputs can reach the pluginUri argument (for example, accept only plugin identifiers from a fixed, trusted list) to reduce the risk of exploitation. At the time of writing there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection


Weakness Enumeration

Related Identifiers

CVE-2020-7633
GHSA-C9M9-48PW-6MPV
SNYK-JS-APICONNECTCLIPLUGINS-564427

Affected Products

Apiconnect-Cli-Plugins