npm package
scratch-vm
pkg:npm/scratch-vm
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-14000 | — | < 0.2.0-prerelease.20200714185213 | 0.2.0-prerelease.20200714185213 | Jul 16, 2020 | MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. T |
- CVE-2020-14000Jul 16, 2020affected < 0.2.0-prerelease.20200714185213fixed 0.2.0-prerelease.20200714185213
MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. T