Description
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
Remediation
References
https://github.com/shenzhim/aaptjs/issues/2
Related Vulnerabilities
CVE-2018-14042 Vulnerability in maven package org.webjars:bootstrap-sass
CVE-2017-18354 Vulnerability in npm package rendertron-middleware
CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core
CVE-2019-1010266 Vulnerability in maven package org.webjars.bower:lodash
CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid