Security Advisory

CVE-2020-28429

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-02-23 15:10:14

Last updated 2024-09-16 20:42:16

Assigner snyk

State PUBLISHED

Description

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})

← Browse all CVEs View on cve.org ↗