{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T10:13:22.870","vulnerabilities":[{"cve":{"id":"CVE-2020-7613","sourceIdentifier":"report@snyk.io","published":"2020-04-07T14:15:14.217","lastModified":"2024-11-21T05:37:28.403","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a folder should be created with the same command that will be chained to execute. This lowers the risk of this issue."},{"lang":"es","value":"clamscan versiones hasta 1.2.0, es vulnerable a una Inyección de Comandos. Es posible inyectar comandos arbitrarios como parte de la función \"_is_clamav_binary\" ubicada dentro del archivo \"Index.js\". Cabe señalar que esta vulnerabilidad requiere un requisito previo de que una carpeta sea creada con el mismo comando que será encadenada para ejecutarse. Esto reduce el riesgo de este problema."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:clamscan_project:clamscan:*:*:*:*:*:*:*:*","versionEndIncluding":"1.2.0","matchCriteriaId":"52D2D5B9-7CC8-4930-ADCA-EE389495C75D"}]}]}],"references":[{"url":"https://github.com/kylefarris/clamscan/blob/master/index.js#L34","source":"report@snyk.io","tags":["Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-CLAMSCAN-564113","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/kylefarris/clamscan/blob/master/index.js#L34","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-CLAMSCAN-564113","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}