Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36380 Vulnerability in npm package aaptjs

Description

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2020-28481 Vulnerability in maven package org.webjars.npm:socket.io

CVE-2014-0050 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-3691 Vulnerability in npm package layui

CVE-2022-21122 Vulnerability in npm package metacalc

CVE-2021-21409 Vulnerability in maven package io.netty:netty-codec-http2

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory