Arbitrary Command Execution in gulp-styledocco (<= 0.0.3)
CVE-2020-7607 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.
Learn more about our User Device Pen Test.