Security Advisory

CVE-2020-7604

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-03-15 21:28:34

Last updated 2024-08-04 09:33:19

Assigner snyk

State PUBLISHED

Description

pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "filename" can be controlled by the attacker. This function uses the variable "filename" to construct the argument of the exec call without any sanitization. In order to successfully exploit this vulnerability, an attacker will need to create a new file with the same name as the attack command.

← Browse all CVEs View on cve.org ↗