CVE-2020-7613

Name of the Vulnerable Software and Affected Versions: clamscan versions prior to 1.2.1

Description: The issue is related to a Command Injection vulnerability. It is possible to inject arbitrary commands as part of the is clamav binary function located within Index.js. This vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute, which lowers the risk of this issue. The vulnerability exists due to the lack of measures to neutralize special elements, allowing a remote attacker to execute arbitrary commands.

Recommendations: For clamscan versions prior to 1.2.1, as a temporary workaround, consider disabling the is clamav binary function until a patch is available. Restrict access to the Index.js file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.