CVE-2020-7628: 
JavaScript vulnerability analysis and mitigation

CVE-2020-7628 affects the umount package, which is a device management utility in UNIX systems. The vulnerability was discovered and disclosed on April 2, 2020. This command injection vulnerability exists in all versions of the umount package, where the device argument can be controlled by users without proper sanitization (Snyk).

The vulnerability is a command injection flaw where the device parameter in the umount function (located in line 52 of index file build/umount.js) can be manipulated by users without any sanitization. The CVSS v3.1 score is 6.5 (medium severity) according to Snyk's assessment. The vulnerability allows for remote exploitation with high attack complexity, requires no privileges or user interaction, and has an unchanged scope (Snyk).

If exploited, this vulnerability can lead to a total loss of confidentiality, with potential access to restricted information that could have direct, serious impacts. While integrity can be compromised allowing data modification, the attacker's control over modifications is limited. There is no direct impact on system availability (Snyk).

Currently, there is no fixed version available for the umount package. Users should consider implementing additional input validation and sanitization when using the package, or consider alternative solutions for device unmounting functionality (Snyk).