Vulnerability CVE-2020-7678


Published: 2022-07-25

Description:
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the ??eval? function located in line 79 in the index file "index.js".

 References:
https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
https://github.com/mahdaen/node-import/blob/master/index.js%23L79

Copyright 2026, cxsecurity.com

 

Back to Top