13 matches found
EUVD-2020-0516
Malware in sbrugna...
CVE-2020-8149
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
Arbitrary shell command execution in logkitty
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
@acaciomartins/react-native-simpletable (>=0.0.1 <=0.0.2), @alan-ai/alan-sdk-react-native (>=1.0.4 <=1.0.7) +795 more potentially affected by CVE-2020-8149 via logkitty (>=0.4.2 <=0.6.1)
logkitty NPM version =0.4.2, =0.0.1, =1.0.4, =2.3.3, =2.0.1, =2.0.1758683737, =2.1.87, =1.0.1767254401, =1.3.0, =1.0.1, =1.0.2, =1.1.0 and more Source cves: CVE-2020-8149 Source advisory: OSV:GHSA-V8V8-6859-QXM4...
GHSA-V8V8-6859-QXM4 Arbitrary shell command execution in logkitty
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
logkitty npm package code injection vulnerability
The logkitty npm package is a package for displaying Android and iOS logs. A code injection vulnerability in logkitty npm package versions prior to 0.7.1, which stems from the program's lack of output cleanup, can be exploited by an attacker to execute arbitrary shell commands...
CVE-2020-8149
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
CVE-2020-8149
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
CVE-2020-8149
The CVE-2020-8149 issue affects the logkitty npm package prior to version 0.7.1. Root cause: lack of output sanitization leads to code injection where an attacker can cause arbitrary shell commands to be executed. Impact: remote code execution via logkitty when processing log output, enabling att...
CVE-2020-8149
Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1...
OS Command Injection
logkitty is vulnerable to OS Command Injection. The vulnerability exists as the variable adbPath is not sanitized and can reach execSync...
Command Injection in zamotany/logkitty
Overview: The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept (Credit: Mik317): 1. Check there aren't files called HACKED. 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...
Node.js third-party modules: [logkitty] RCE via insecure command formatting
I would like to report an RCE issue in the logkitty module. It allows executing arbitrary commands remotely inside the victim's PC. Module: module name: logkitty; version: 0.7.0; npm page: https://www.npmjs.com/package/logkitty. Module Description: Display pretty Android and iOS logs without Android...