Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36377 Vulnerability in npm package aaptjs

Description

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2020-26870 Vulnerability in maven package org.webjars.npm:dompurify

CVE-2022-25296 Vulnerability in npm package bodymen

CVE-2022-43431 Vulnerability in maven package com.compuware.jenkins:compuware-strobe-measurement

CVE-2015-0250 Vulnerability in maven package batik:batik-dom

CVE-2020-7739 Vulnerability in npm package phantomjs-seo

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory