
CVE-2020-7613: Clamscan vulnerable to command injection

CVSS Score (v3.1): 8.1

Basic Information

EPSS Score: 0.81979%
Published: 5/24/2022
Updated: 10/19/2023
KEV Status: No
Technology: JavaScript

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: clamscan
Ecosystem: npm
Vulnerable Versions: <= 1.2.0
First Patched Version: 1.3.0

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability was explicitly documented in the CVE description as occurring in the `_is_clamav_binary` function. The GitHub commit diff shows the fix changed from using `cp_exec` with a concatenated command string to using `cp_execfile` with separated command/arguments, a classic command injection mitigation pattern. The PoC demonstrates how controlling the scanner path parameter enables command injection through improper command string construction.


WAF Protection Rules

WAF Rule

Clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the `_is_clamav_binary` function located within `Index.js`. It should be noted that this vulnerability requires a pre-requisite that a
