CVE-2020-7678
HIGHnode-import - Remote Code Execution via Unsanitized Params Argument
Title source: llmDescription
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
Broken Link, Third Party Advisory x_refsource_misc
https://github.com/mahdaen/node-import/blob/master/index.js%23L79
Scores
CVSS v3
8.6
EPSS
0.0093
EPSS Percentile
56.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Details
Status
published
Products (2)
node-import_project/node-import
npm/node-import
0npm
Published
Jul 25, 2022
Tracked Since
Feb 18, 2026