7 matches found
CVE-2020-36379
CVE-2020-36379 affects shenzhim aaptjs 1.3.1 where the remove function is vulnerable. The evidence consistently states that an attacker can trigger remote code execution by supplying crafted filePath parameters, enabling arbitrary code execution via a network vector. Several connected records (Re...
CVE-2020-36378
CVE-2020-36378 affects shenzhim aaptjs 1.3.1, where the packageCmd function allows remote arbitrary code execution via filePath parameters. The issue enables an attacker to execute arbitrary code and is rated with high/critical impact (CVSS v3.1: 9.8) with network access and no privileges require...
CVE-2020-36376
CVE-2020-36376 affects shenzhim aaptjs 1.3.1 (node wrapper for aapt). The list function accepts a filePath parameter that can be exploited to execute arbitrary code, enabling RCE. Public sources (NVD and other aggregations) assign a high/critical impact with network attack vector and no user inte...
CVE-2020-36381
Vulnerability details (CVE-2020-36381): In shenzhim aaptjs v1.3.1, the singleCrunch function allows arbitrary code execution via the filePath parameter. This node wrapper for aapt is reported to be vulnerable across multiple sources (NVD entry and vendor/advisories). Affected component: singleCru...
CVE-2020-36377
CVE-2020-36377 affects shenzhim aaptjs 1.3.1. The dump function is exploitable to execute arbitrary code via the filePath parameter, with the CVSSv3.1 impact listed as CRITICAL (9.8) and network attack vector. The available documents consistently describe remote code execution in the dump functio...
CVE-2020-36380
CVE-2020-36380 : In shenzhim aaptjs 1.3.1, the crunch function accepts unvalidated filePath parameters, enabling arbitrary code execution. Multiple sources (NVD entry and linked advisories) describe remote code execution via this parameter, with CVSS v3.1 base score 9.8 (CRITICAL) and CVSS v2.0 b...
CVE-2020-26707
CVE-2020-26707 affects Shenzhim AAPTJS 1.3.1. The issue lies in the add function, where the filePath parameter can be manipulated to execute arbitrary code. Public sources in the dataset corroborate a high-severity, network-exposed flaw with depicted impact on confidentiality, integrity, and avai...