Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-36380 Vulnerability in npm package aaptjs

Description

An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.

Remediation

References

https://github.com/shenzhim/aaptjs/issues/2

Related Vulnerabilities

CVE-2018-16330 Vulnerability in npm package editor.md

CVE-2022-36076 Vulnerability in npm package nodebb

CVE-2021-32731 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web

CVE-2020-7642 Vulnerability in maven package org.webjars.bowergithub.afarkas:lazysizes

CVE-2020-7637 Vulnerability in npm package class-transformer

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory