CVE-2020-7712

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-7712

Severity

7.2

High

CVSS V3

Description

This affects the package json before 10.0.0. It is possible to inject arbritary commands using the parseLookup function.

References

https://images.chainguard.dev/security/CGA-9vv8-g8g6-h76r
https://github.com/advisories/GHSA-3c6g-pvg8-gqw2
https://images.chainguard.dev/security/CGA-chrj-hf73-6gf5
https://images.chainguard.dev/security/CGA-wqhc-6326-7f2r
https://images.chainguard.dev/security/CGA-2p2j-g87h-g5xm
https://images.chainguard.dev/security/CGA-5qqf-7w63-hx25
https://images.chainguard.dev/security/CGA-rvp5-7wgc-qhgg
https://images.chainguard.dev/security/CGA-f2q9-8842-vm8g
https://images.chainguard.dev/security/CGA-ff8p-vfgp-36cm
https://images.chainguard.dev/security/CGA-jpcr-3whf-m9hc
https://images.chainguard.dev/security/CGA-3mfg-wvqc-fpmg
https://images.chainguard.dev/security/CGA-fv66-9fw8-gp6x
https://images.chainguard.dev/security/CGA-8x6f-5w3r-h5hx
https://images.chainguard.dev/security/CGA-pjc4-r353-rg95
https://images.chainguard.dev/security/CGA-622m-m68m-7ggq
https://images.chainguard.dev/security/CGA-g6c8-5r48-v6hg
https://images.chainguard.dev/security/CGA-345v-hqm5-8xrc
https://images.chainguard.dev/security/CGA-6wg9-3j64-f8wj
https://images.chainguard.dev/security/CGA-whp3-jj96-vvc2
https://images.chainguard.dev/security/CGA-vvp9-54g9-794g
https://images.chainguard.dev/security/CGA-x5wc-rh46-pj2w
https://images.chainguard.dev/security/CGA-v6c5-q8jg-5686
https://images.chainguard.dev/security/CGA-jm34-5hmg-4xx4
https://images.chainguard.dev/security/CGA-f5qr-9999-86h9
https://images.chainguard.dev/security/CGA-c2h3-p9mm-56pm
https://images.chainguard.dev/security/CGA-96gq-cggr-xh2v
https://images.chainguard.dev/security/CGA-v244-5j7g-jw4g
https://images.chainguard.dev/security/CGA-7w42-m96m-c6jg
https://images.chainguard.dev/security/CGA-wqqg-fvhq-hcg7
https://images.chainguard.dev/security/CGA-q2r2-7hj8-6whg
https://images.chainguard.dev/security/CGA-fr86-hr4c-qvg8
https://images.chainguard.dev/security/CGA-mhhv-hj9h-v8hp
https://images.chainguard.dev/security/CGA-947x-3r27-rcjq
https://images.chainguard.dev/security/CGA-qvg8-h36r-f4rv
https://images.chainguard.dev/security/CGA-5w76-g2h7-gxrp
https://images.chainguard.dev/security/CGA-jww8-jxrp-m42q
https://lists.apache.org/thread.html/r37c0e1807da7ff2bdd028bbe296465a6bbb99e2320dbe661d5d8b33b%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r3b04f4e99a19613f88ae088aa18cd271231a3c79dfff8f5efa8cda61%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r5f17bfca1d6e7f4b33ae978725b2fd62a9f1b3111696eafa9add802d%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r8d2e174230f6d26e16c007546e804c343f1f68956f526daaafa4aaae%40%3Cdev.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/r977a907ecbedf87ae5ba47d4c77639efb120f74d4d1b3de14a4ef4da%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/r9c6d28e5b9a9b3481b7d1f90f1c2f75cd1a5ade91038426e0fb095da%40%3Cdev.flink.apache.org%3E
https://lists.apache.org/thread.html/ra890c24b3d90be36daf48ae76b263acb297003db24c1122f8e4aaef2%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rb023d54a46da1ac0d8969097f5fecc79636b07d3b80db7b818a5c55c%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb2b981912446a74e14fe6076c4b7c7d8502727ea0718e6a65a9b1be5%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rb89bd82dffec49f83b49e9ad625b1b63a408b3c7d1a60d6f049142a0%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rba7ea4d75d6a8e5b935991d960d9b893fd30e576c4d3b531084ebd7d%40%3Cissues.flink.apache.org%3E
https://lists.apache.org/thread.html/rd9b9cc843f5cf5b532bdad9e87a817967efcf52b917e8c43b6df4cc7%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/rec8bb4d637b04575da41cfae49118e108e95d43bfac39b7b698ee4db%40%3Cissues.zookeeper.apache.org%3E
https://lists.apache.org/thread.html/ree3abcd33c06ee95ab59faa1751198a1186d8941ddc2c2562c12966c%40%3Cissues.zookeeper.apache.org%3E
https://github.com/trentm/json/issues/144
https://github.com/trentm/json/pull/145
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-608932
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-608931
https://snyk.io/vuln/SNYK-JS-JSON-597481
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpujul2022.html

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

Product

Chainguard Containers Chainguard Libraries Chainguard VMs Integrations Pricing

Solutions

FedRAMP PCI DSS Golden Images CVE Remediation Public Sector

Customers

Customer Stories Chainguard Reviews

Resources

Events & Webinars Chainguard Courses Documentation Trust Center

Company

About Us Blog Partners Newsroom Careers Legal