Wiz
Vulnerability DatabaseCVE-2020-7604

CVE-2020-7604
JavaScript vulnerability analysis and mitigation

Overview

A command injection vulnerability exists in pulverizr through version 0.7.0. Within the "lib/job.js" file, the variable "filename" can be controlled by an attacker and is used to construct the argument of an exec call without proper sanitization. To exploit this vulnerability, an attacker needs to create a new file with the same name as the attack command (NVD, Snyk).

Technical details

The vulnerability exists in the lib/job.js file where the filename variable is used unsanitized in an exec call. The attack requires creating a file with a name matching the intended command to be executed. A proof of concept demonstrates exploitation by creating a file named '";touch Song;&a.jpg' which leads to command injection (Snyk).

Impact

Successful exploitation allows an attacker to execute arbitrary commands on the system where pulverizr is running. This could lead to complete system compromise depending on the privileges under which the application is running (Snyk).

Mitigation and workarounds

There is no fixed version available for pulverizr. Users should consider using alternative image processing libraries with proper input sanitization (Snyk).

Additional resources

SourceThis report was generated using AI

Related JavaScript vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2026-22610HIGH8.5
  • JavaScriptJavaScript
  • angular.js
NoYesJan 10, 2026
CVE-2026-22595HIGH8.1
  • JavaScriptJavaScript
  • ghost
NoYesJan 10, 2026
CVE-2026-22594HIGH8.1
  • JavaScriptJavaScript
  • ghost
NoYesJan 10, 2026
CVE-2026-22596MEDIUM6.7
  • JavaScriptJavaScript
  • ghost
NoYesJan 10, 2026
CVE-2026-22597LOW2
  • JavaScriptJavaScript
  • ghost
NoYesJan 10, 2026

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo