CVE-2020-7613: 
JavaScript vulnerability analysis and mitigation

clamscan through 1.2.0 is vulnerable to Command Injection in the _is_clamav_binary function located within Index.js. The vulnerability (CVE-2020-7613) was discovered and disclosed on April 1, 2020, affecting the clamscan npm package versions below 1.3.0. This vulnerability requires a prerequisite condition where a folder must be created with the same command that will be chained to execute, which reduces the overall risk (Snyk DB, NVD).

The vulnerability exists in the _is_clamav_binary function within Index.js. The function lacks proper input validation, allowing attackers to inject arbitrary commands. The CVSS v3.1 base score is 3.6 (Low), with attack vector being Local, attack complexity High, and requiring low privileges. The vulnerability affects the package's integrity and confidentiality with low impact, while having no impact on availability (Snyk DB).

A successful exploitation could allow an attacker to execute arbitrary commands on the affected system. However, the impact is limited by the prerequisite condition that requires a folder to be created with the same command that will be chained to execute. The vulnerability can lead to modification of data and potential access to restricted information, though the attacker's control over these outcomes is limited (Snyk DB).

The recommended mitigation is to upgrade the clamscan package to version 1.3.0 or higher, which contains the fix for this vulnerability (Snyk DB).