Lucene search
SnykCVELIST:CVE-2020-28429HistoryFeb 23, 2021 - 12:00 a.m.
CVE-2020-28429 Command Injection
2021-02-2300:00:00
snyk
www.cve.org
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.7 High
AI Score
Confidence
High
0.029 Low
EPSS
Percentile
90.9%
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require(“geojson2kml”); a(“./”,“& touch JHU”,function(){})
CNA Affected
[
{
"product": "geojson2kml",
"vendor": "n/a",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
]References
Related
cve
cve
CVE-2020-28429
2021-02-23 15:15:15
veracode
veracode
OS Command Injection
2021-02-24 02:08:06
prion
prion
Command injection
2021-02-23 15:15:00
osv
osv
Command Injection in geojson2kml
2021-05-10 15:59:33
nvd
nvd
CVE-2020-28429
2021-02-23 15:15:15
github
github
Command Injection in geojson2kml
2021-05-10 15:59:33
7.3 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
9.7 High
AI Score
Confidence
High
0.029 Low
EPSS
Percentile
90.9%
Related for CVELIST:CVE-2020-28429