{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T20:57:08.729","vulnerabilities":[{"cve":{"id":"CVE-2020-7677","sourceIdentifier":"report@snyk.io","published":"2022-07-25T14:15:10.047","lastModified":"2024-11-21T05:37:35.603","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization."},{"lang":"es","value":"Esto afecta al paquete thenify antes de la versión 3.3.1. El argumento del nombre proporcionado al paquete puede ser controlado por los usuarios sin ningún tipo de sanitización, y este es proporcionado a la función eval sin ninguna sanitización"}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:L\/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:H\/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:thenify_project:thenify:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.3.1","matchCriteriaId":"2074E478-8FB2-42A3-9E63-656E167713CF"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*","matchCriteriaId":"5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"},{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"https:\/\/github.com\/thenables\/thenify\/blob\/master\/index.js%23L17","source":"report@snyk.io","tags":["Broken Link"]},{"url":"https:\/\/github.com\/thenables\/thenify\/commit\/0d94a24eb933bc835d568f3009f4d269c4c4c17a","source":"report@snyk.io","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2022\/09\/msg00039.html","source":"report@snyk.io","tags":["Mailing List","Third Party Advisory"]},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3\/","source":"report@snyk.io"},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK\/","source":"report@snyk.io"},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-572317","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JS-THENIFY-571690","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/github.com\/thenables\/thenify\/blob\/master\/index.js%23L17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https:\/\/github.com\/thenables\/thenify\/commit\/0d94a24eb933bc835d568f3009f4d269c4c4c17a","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https:\/\/lists.debian.org\/debian-lts-announce\/2022\/09\/msg00039.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3\/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/lists.fedoraproject.org\/archives\/list\/package-announce%40lists.fedoraproject.org\/message\/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK\/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JAVA-ORGWEBJARSNPM-572317","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https:\/\/security.snyk.io\/vuln\/SNYK-JS-THENIFY-571690","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}