Command Injection
Overview aaptjs is an A node wraper for aapt Affected versions of this package are vulnerable to Command Injection due to improper input sanitization via the add function when using pipe | after the zip file value. PoC js const pkg = require'aaptjs'; pkg.add'test0.zip | touch exploited.txt',...