Critical severityNVD Advisory· Published Jan 4, 2021· Updated Sep 17, 2024
Remote Code Execution (RCE)
CVE-2020-28464
Description
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
djvnpm | < 2.1.4 | 2.1.4 |
Affected products
2- djv/djvdescription
Patches
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- github.com/advisories/GHSA-4hv7-3q38-97m8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28464ghsaADVISORY
- github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55ghsax_refsource_MISCWEB
- github.com/korzio/djv/pull/98/filesghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-DJV-1014545ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.