CVE-2020-7677

Published July 25th, 2022

View on NVD ↗

CVSS v3

8.6

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

thenables/thenify

Promisify a callback-based function

GitHub

109