← Back

Geojson2kml Project

geojson2kml_project

1 CVE • 1 product

Products (1)

Click to collapse
Toggle
Geojson2kml
geojson2kml
1 CVE

CVEs (1)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-28429
1Geojson2kml Project
1Geojson2kml
Nov 21, 2024
Feb 23, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})