VDB

CVE-2020-7677

CVE-2020-7677 PUBLISHED

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

EPSS 1.05% · 77.9th percentile

Risk Scores

EPSS Score
1.05%
77.9th percentile

Affected Products

VendorProductVersions
Ubuntu:18.04:LTSnode-thenify0, 3.3.0-1
Ubuntu:20.04:LTSnode-thenify0, 3.3.0-1

Timeline

  • Jul 18, 2022 CVE Published
  • Jul 26, 2022 EPSS Score
  • Sep 11, 2022 EPSS Score
  • Oct 27, 2022 EPSS Score
  • Dec 13, 2022 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Mar 16, 2023 EPSS Score
  • May 2, 2023 EPSS Score
  • Jun 18, 2023 EPSS Score
  • Aug 4, 2023 EPSS Score
  • Sep 19, 2023 EPSS Score
  • Nov 5, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›