CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28429

All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})

Exploit prediction scoring system (EPSS) score

EPSS Score 0.754

EPSS Ranking 98.8%

CVSS Severity

CVSS v3 Score 7.3

CVSS v2 Score 7.5

References

https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412

Products affected by CVE-2020-28429

Geojson2kml Project » Geojson2kml » Version: N/A

cpe:2.3:a:geojson2kml_project:geojson2kml:-
Geojson2kml Project » Geojson2kml » Version: 0.1.0

cpe:2.3:a:geojson2kml_project:geojson2kml:0.1.0
Geojson2kml Project » Geojson2kml » Version: 0.1.1

cpe:2.3:a:geojson2kml_project:geojson2kml:0.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28429

Products

Pricing

Contact Us