2 matches found
geojson2 (>=0.1.1 <=0.1.8) potentially affected by CVE-2020-28429 via geojson2kml (=0.1.1)
geojson2kml NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on geojson2kml and may be impacted: - geojson2 =0.1.1, =0.1.8 Source cves: CVE-2020-28429 Source advisory: OSV:GHSA-W83X-FP72-P9QC...
CVE-2020-28429
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require"geojson2kml"; a"./","& touch JHU",function...