EUVD-2020-20881

Malware in sbrugna...

Command Injection

s3-kilatstorage is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of the input argument allowing an attacker to inject maliciously crafted OS command into the system...

CVE-2020-28424

This affects all versions of package s3-kilatstorage...

Code injection

This affects all versions of package s3-kilatstorage...

CVE-2020-28424 Command Injection

This affects all versions of package s3-kilatstorage...

CVE-2020-28424

CVE-2020-28424 affects all versions of the npm package s3-kilatstorage. The root cause is lack of input sanitization in the code that invokes a shell command (using s3cmd), enabling potential arbitrary command execution. PoC demonstrates injecting commands via an argument to makeBucket(); no fixe...

PT-2022-8887 · Unknown · S3-Kilatstorage

Name of the Vulnerable Software and Affected Versions: s3-kilatstorage affected versions not specified Description: The issue affects all versions of the s3-kilatstorage package. There is no information provided about the estimated number of potentially affected devices worldwide or details about...

npm s3-kilatstorage 操作系统命令注入漏洞

npm s3-kilatstorage is a package from npm USA. It is used to run s3cmd configured and connected to the kilatstorage service using the bash command. An operating system command injection vulnerability exists in all versions of s3-kilatstorage, which stems from the presence of command injection...

Command Injection

Overview s3-kilatstorage is a S3 client for NodeJs 8.X or greater. KilatStorageS3 uses a bash command to run s3cmd which has been configured and connected to the kilatstorage service. You can use this package for Amazon S3 service too. Affected versions of this package are vulnerable to Command...