Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36379 Vulnerability in npm package aaptjs

Description

An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2022-41918 Vulnerability in maven package org.opensearch.plugin:opensearch-security

CVE-2021-32854 Vulnerability in maven package org.webjars.npm:textangular

CVE-2021-22204 Vulnerability in npm package exiftool-vendored

CVE-2023-26111 Vulnerability in npm package @nubosoftware/node-static

CVE-2023-49397 Vulnerability in maven package com.jfinal:jfinal

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory