11 matches found
geojson2kml - Command Injection
Detects command injection vulnerability by checking if hacked.txt is created and contains the expected content. id: CVE-2020-28429 info: name: geojson2kml - Command Injection author: eeche,chae1xx1os,persona-twotwo,soonghee2 severity: critical description: | Detects command injection vulnerabilit...
Command Injection in geojson2kml
All versions up to and including version 0.1.1 of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./","& touch JHU",function...
geojson2 (>=0.1.1 <=0.1.8) potentially affected by CVE-2020-28429 via geojson2kml (=0.1.1)
geojson2kml NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on geojson2kml and may be impacted: - geojson2 >=0.1.1, <=0.1.8 Source cves: CVE-2020-28429 Source advisory: OSV:GHSA-W83X-FP72-P9QC...
GHSA-W83X-FP72-P9QC Command Injection in geojson2kml
All versions up to and including version 0.1.1 of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./","& touch JHU",function...
OS Command Injection
geojson2kml is vulnerable to OS Command Injection. The vulnerability exists as the values of inPath and outPath are not sanitized, and are used to construct the command that gets passed into child_process.exec...
CVE-2020-28429
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./","& touch JHU",function...
Command injection
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./","& touch JHU",function...
CVE-2020-28429
geojson2kml is vulnerable to Command Injection via the index.js file. Affected software: geojson2kml Node.js module. Root cause: unsafely constructs commands (PoC shows passing shell commands) leading to potential remote code execution. Impact stated in connected docs includes unauthorized access...
CVE-2020-28429 Command Injection
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a = require("geojson2kml"); a("./","& touch JHU",function...
geojsonkml Command Injection Vulnerability
geojsonkml is an open source node.js module for converting geojson to kml. A command injection vulnerability exists in geojson2kml, which stems from vulnerability to command injection attacks via the index.js file...
geojson2 (>=0.1.1 <=0.1.8) potentially affected by CVE-2020-28429 via geojson2kml (=0.1.1)
geojson2kml NPM version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on geojson2kml and may be impacted: - geojson2 >=0.1.1, <=0.1.8 Source cves: CVE-2020-28429 Source advisory: SNYK:JS-GEOJSON2KML-1050412...