Access Policy
1 CVEs
product
Monthly
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Code Injection
Access Policy
NVD
CVSS 3.1
9.8
EPSS
2.5%
CVE-2020-7674
npm
EPSS 3%
CVSS 9.8
CRITICAL
POC
Act Now
access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
RCE
Code Injection
Access Policy
NVD