Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade dbgate-api to version 7.1.9 or higher.
dbgate-api is an Allows run DbGate data-manipulation scripts.
Affected versions of this package are vulnerable to Insecure Default Initialization of Resource via the functionName parameter in JSON script assign commands, which is interpolated directly into dynamically generated JavaScript code and executed in a forked Node.js child process. An attacker can execute arbitrary code on the server by supplying crafted input that injects malicious JavaScript. This is only exploitable if authentication is not explicitly enabled, as the default deployment allows unauthenticated access.