CVE-2020-7677

Publication date 25 July 2022

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.

Status

Package Ubuntu Release Status
node-thenify 23.04 lunar
Not affected
22.10 kinetic
Not affected
22.04 LTS jammy
Not affected
20.04 LTS focal
Fixed 3.3.0-1+deb10u1build0.20.04.1
18.04 LTS bionic
Fixed 3.3.0-1+deb10u1build0.18.04.1
16.04 LTS xenial Not in release
14.04 LTS trusty Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 9.8 · Critical

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H


Access our resources on patching vulnerabilities