{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T22:21:45.520","vulnerabilities":[{"cve":{"id":"CVE-2020-7603","sourceIdentifier":"report@snyk.io","published":"2020-03-15T22:15:14.660","lastModified":"2024-11-21T05:37:27.470","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument \"options\" of the exports function in \"index.js\" can be controlled by users without any sanitization."},{"lang":"es","value":"closure-compiler-stream versiones hasta 0.1.15, permite una ejecución de comandos arbitraria. El argumento \"options\" de la función de exportación en el archivo \"index.js\" puede ser controlado por los usuarios sin ningún saneamiento."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:closure-compiler-stream_project:closure-compiler-stream:*:*:*:*:*:node.js:*:*","versionEndIncluding":"0.1.15","matchCriteriaId":"3D96AD92-7C35-43C1-90E5-5EE0E71E194F"}]}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-CLOSURECOMPILERSTREAM-560123","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}