Arbitrary Command Execution in gulp-styledocco (<= 0.0.3)

Arbitrary Command Execution in gulp-styledocco (<= 0.0.3)

CVE-2020-7607 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.

Learn more about our User Device Pen Test.