Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36376 Vulnerability in npm package aaptjs

Description

An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2021-23624 Vulnerability in npm package dotty

CVE-2022-24723 Vulnerability in npm package urijs

CVE-2022-41853 Vulnerability in maven package org.hsqldb:hsqldb

CVE-2022-42466 Vulnerability in maven package org.apache.isis.core:isis-applib

CVE-2022-29257 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory