{"vulnerability": "CVE-2020-2842", "sightings": [{"uuid": "cfb4fd7c-9b0a-4302-a9b4-c80b01d8a6c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28422", "type": "seen", "source": "https://t.me/cibsecurity/46932", "content": "\u203c CVE-2020-28422 \u203c\n\nAll versions of package git-archive are vulnerable to Command Injection via the exports function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-25T18:43:32.000000Z"}, {"uuid": "d821ef61-e4ab-4a90-a46a-f9e50e55a492", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28424", "type": "seen", "source": "https://t.me/cibsecurity/47415", "content": "\u203c CVE-2020-28424 \u203c\n\nThis affects all versions of package s3-kilatstorage.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:18:00.000000Z"}, {"uuid": "c65af740-88d1-4d3c-ac8d-f2cc170915ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28423", "type": "seen", "source": "https://t.me/cibsecurity/47414", "content": "\u203c CVE-2020-28423 \u203c\n\nThis affects all versions of package monorepo-build.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:59.000000Z"}, {"uuid": "3322a57b-34e6-438f-9e1f-48f7e353b1e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28425", "type": "seen", "source": "https://t.me/cibsecurity/47413", "content": "\u203c CVE-2020-28425 \u203c\n\nThis affects all versions of package curljs.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-08-02T18:17:58.000000Z"}, {"uuid": "ff26540d-0e2c-4acc-a972-044839eedee3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28429", "type": "published-proof-of-concept", "source": "https://t.me/cibsecurity/23994", "content": "\u203c CVE-2020-28429 \u203c\n\nAll versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require(\"geojson2kml\"); a(\"./\",\"&amp; touch JHU\",function(){})\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-23T18:35:13.000000Z"}, {"uuid": "724ae319-6de5-416d-873c-7fb4ee9e6d7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28426", "type": "seen", "source": "https://t.me/cibsecurity/22889", "content": "\u203c CVE-2020-28426 \u203c\n\nAll versions of package kill-process-on-port are vulnerable to Command Injection via a.getProcessPortId.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-01T19:25:03.000000Z"}, {"uuid": "60afb533-d256-461b-9129-86276f499ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-28421", "type": "seen", "source": "https://t.me/cibsecurity/16697", "content": "\u203c CVE-2020-28421 \u203c\n\nCA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-23T18:45:50.000000Z"}]}