CVE-2020-28429
HIGH NUCLEIgeojson2kml - OS Command Injection via index.js
Title source: llmExploitation Summary
CVE-2020-28429 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){})
Nuclei Templates (1)
geojson2kml - Command Injection
CRITICALby eeche,chae1xx1os,persona-twotwo,soonghee2
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-GEOJSON2KML-1050412
Scores
CVSS v3
7.3
EPSS
0.6331
EPSS Percentile
99.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-78
Status
published
Products (2)
geojson2kml_project/geojson2kml
npm/geojson2kml
0npm
Published
Feb 23, 2021
Tracked Since
Feb 18, 2026