Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36377 Vulnerability in npm package aaptjs

Description

An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2021-24033 Vulnerability in maven package org.webjars.npm:react-dev-utils

CVE-2023-26049 Vulnerability in maven package org.eclipse.jetty:jetty-server

CVE-2020-15262 Vulnerability in npm package webpack-subresource-integrity

CVE-2019-14862 Vulnerability in maven package org.jszip.redist:knockout

CVE-2022-45688 Vulnerability in maven package cn.hutool:hutool-json

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory