CVE-2020-8178
Publication date 15 July 2020
Last updated 24 July 2024
Ubuntu priority
CVSS 3 Severity Score
Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.
Status
Package | Ubuntu Release | Status |
---|---|---|
node-jison | 24.10 oracular | Needs evaluation |
node-jison | 24.04 LTS noble | Needs evaluation |
node-jison | 22.04 LTS jammy | Needs evaluation |
node-jison | 20.04 LTS focal | Needs evaluation |
node-jison | 18.04 LTS bionic | Needs evaluation |
node-jison | 16.04 LTS xenial | Not in release |
node-jison | 14.04 LTS trusty | Not in release |
Notes
eslerm
from GHSA “This vulnerability is not present in the released npm package. Rather the vulnerable code is part of the repo, but not part of the package.”
Severity score breakdown
Parameter | Value |
---|---|
Base score | |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |