78 matches found
EUVD-2021-2386
Malware in sbrugna...
EUVD-2021-2313
Malware in sbrugna...
EUVD-2021-2295
Malware in sbrugna...
EUVD-2021-2366
Malware in sbrugna...
EUVD-2020-19248
Malware in sbrugna...
EUVD-2021-2329
Malware in sbrugna...
EUVD-2021-2294
Malware in sbrugna...
CVE-2020-36379
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36378
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36377
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36376
An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36381
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-36380
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
CVE-2020-26707
An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 which allows attackers to execute arbitrary code via the filePath parameter...
@10yun/cv-mobile-ui (=0.3.20), @ant-hospital/drantsdk-module (=1.0.0) +158 more potentially affected by unknown CVE via aaptjs (=1.3.2)
aaptjs NPM version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on aaptjs and may be impacted: - @10yun/cv-mobile-ui =0.3.20 - @ant-hospital/drantsdk-module =1.0.0 - @chinapnr/dg-bill-plugin =1.1.0 - @dcloudio/uni-quickapp =2.0.0-26820200330001,...
Denial of Service (DoS)
Overview aaptjs is an A node wraper for aapt Affected versions of this package are vulnerable to Denial of Service DoS via the add function which can be used to iteratively create new zip files from previous ones, eventually filling up the file system storage space. PoC js const pkg =...
Command Injection
Overview aaptjs is an A node wraper for aapt Affected versions of this package are vulnerable to Command Injection due to improper input sanitization via the add function when using pipe | after the zip file value. PoC js const pkg = require'aaptjs'; pkg.add'test0.zip | touch exploited.txt',...
@10yun/cv-mobile-ui (=0.3.20), @ant-hospital/drantsdk-module (=1.0.0) +158 more potentially affected by unknown CVE via aaptjs (=1.3.2)
aaptjs NPM version =1.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on aaptjs and may be impacted: - @10yun/cv-mobile-ui =0.3.20 - @ant-hospital/drantsdk-module =1.0.0 - @chinapnr/dg-bill-plugin =1.1.0 - @dcloudio/uni-quickapp =2.0.0-26820200330001,...
GHSA-4QWQ-Q4PR-RR7R Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
aaptjs is a node wraper for aapt. An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters...