CVE-2020-28429

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
References
Link Resource
https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:geojson2kml_project:geojson2kml:*:*:*:*:*:node.js:*:*

Information

Published : 2021-02-23 03:15

Updated : 2021-07-21 11:39


NVD link : CVE-2020-28429

Mitre link : CVE-2020-28429

Products Affected
No products.
CWE