CVE-2020-28429

Critical

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml");…

snyk·CWE-78·Published 2021-02-23

CVSS

9.8

EPSS

0.63

KEV

Exploits

cve.orgen

165 chars

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})

NVDen

165 chars

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})

All versions up to and including version 0.1.1 of package geojson2kml are vulnerable to Command Injection via the index.js file. ### PoC: ```js var a =require("geojson2kml"); a("./","& touch JHU",function(){}) ```

GHSAen

217 chars

NVDes

203 chars

Todas las versiones del paquete geojson2kml son vulnerables a una Inyección de Comando por medio del archivo index.js. PoC: var a =require("geojson2kml"); a("./","& touch JHU", función(){})

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Primary	cve.org	7.3	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	NVD	7.3	3.9	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L