PT-2020-19671 · Unknown · Compass-Compile

Published

2020-04-06

·

Updated

2021-12-09

·

CVE-2020-7635

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions compass-compile version 0.0.1
Description The issue allows execution of arbitrary commands via the options argument, which is a command injection flaw.
Recommendations For version 0.0.1, consider disabling the options argument until a patch is available to prevent command injection attacks.

Exploit

Fix

Special Elements Injection

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-78

Related Identifiers

CVE-2020-7635
GHSA-7Q9F-X6RM-QMXR
SNYK-JS-COMPASSCOMPILE-564429

Affected Products

Compass-Compile