PT-2020-4205 · Mosc · Mosc

Published: 2020-06-10 · Updated: 2021-07-21 · CVE-2020-7672

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:P/A:P
Name of the Vulnerable Software and Affected Versions: mosc versions prior to 1.0.0
Description: mosc passes user input to the eval function without sufficient validation, which allows Arbitrary Code Execution. A remote attacker can exploit the vulnerability to execute arbitrary code: user input provided to the properties argument is executed.
Recommendations: For mosc versions prior to 1.0.0, consider disabling the use of the eval function or restricting user input to the properties argument until a patch is available. As a temporary workaround, avoid using the eval function with untrusted input to minimize the risk of exploitation.
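
The pattern described above, shown beside a data-only alternative. This is an added example, not code from mosc or from this advisory; the function names, the JSON format chosen for properties, the length limit and the sample input are assumptions made for illustration.

```javascript
// Added illustration; parsePropertiesUnsafe/parsePropertiesSafe are
// hypothetical names, not functions from mosc.
// Vulnerable pattern: the properties string is evaluated as code, so any
// expression inside it runs with the privileges of the Node.js process.
function parsePropertiesUnsafe(properties) {
  return eval('(' + properties + ')');
}

// Hardened pattern: the properties string is parsed as data only.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const SCALARS = new Set(['string', 'number', 'boolean']);

function parsePropertiesSafe(properties) {
  if (typeof properties !== 'string' || properties.length > 4096) {
    throw new TypeError('properties must be a string of at most 4096 characters');
  }
  let parsed;
  try {
    parsed = JSON.parse(properties); // never executes its input
  } catch (err) {
    throw new SyntaxError('properties is not valid JSON');
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new TypeError('properties must be a JSON object');
  }
  const out = Object.create(null); // no inherited keys to collide with
  for (const [key, value] of Object.entries(parsed)) {
    if (FORBIDDEN_KEYS.has(key)) throw new TypeError('forbidden key: ' + key);
    if (!SCALARS.has(typeof value)) throw new TypeError('non-scalar value for ' + key);
    out[key] = value;
  }
  return out;
}

// Constructed input: valid-looking data followed by a harmless side effect.
const CONSTRUCTED_INPUT = '{"a": 1}, globalThis.evalSideEffect = true';

function demo() {
  delete globalThis.evalSideEffect;
  parsePropertiesUnsafe(CONSTRUCTED_INPUT);
  const ranUnderEval = globalThis.evalSideEffect === true;
  delete globalThis.evalSideEffect;
  let rejected = false;
  try { parsePropertiesSafe(CONSTRUCTED_INPUT); } catch (err) { rejected = true; }
  const ranUnderSafe = globalThis.evalSideEffect === true;
  return { ranUnderEval, rejected, ranUnderSafe };
}

console.log(demo());
```

The eval-based parser runs the trailing expression in the constructed input, while the data-only parser rejects the same string before any of it can execute.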

Exploit · Fix · Code Injection · RCE


Weakness Enumeration

Related Identifiers

BDU:2020-04639
CVE-2020-7672
GHSA-J665-RVJ7-2JV9
SNYK-JS-MOSC-571492

Affected Products

Mosc