CVE-2020-28445
CRITICALnpm-help - OS Command Injection in export.latestVersion()
Title source: llmDescription
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-JS-NPMHELP-1050983
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20220901-0012/
Scores
CVSS v3
9.8
EPSS
0.0121
EPSS Percentile
64.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (1)
npm-help_project/npm-help
Published
Jul 25, 2022
Tracked Since
Feb 18, 2026