CVE-2020-7636
Description
adb-driver through 0.1.8 is vulnerable to command injection via unsanitized input in the command function, allowing arbitrary code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
adb-driver through 0.1.8 is vulnerable to command injection via unsanitized input in the command function, allowing arbitrary code execution.
The adb-driver package versions prior to and including 0.1.8 contain a command injection vulnerability in the command function. The issue arises because user-controlled input is passed directly to a command execution interface without any sanitization [1][2].
Exploitation requires an attacker to control the command argument passed to the execADBCommand function. No authentication is needed; the attacker only needs to invoke the vulnerable API. A proof-of-concept demonstrates injection of arbitrary commands by appending a concatenation operator and a command string [2].
Successful exploitation allows an attacker to execute arbitrary operating system commands with the privileges of the application using the adb-driver package. This can lead to full compromise of the host system or device.
As of the publication of this CVE, there is no fixed version available for adb-driver. Users are advised to avoid using the package or to implement their own input validation and sanitization as a workaround [2].
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
adb-drivernpm | <= 0.1.8 | — |
Affected products
2- adb-driver/adb-driverdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-4m6q-rxhm-675wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7636ghsaADVISORY
- snyk.io/vuln/SNYK-JS-ADBDRIVER-564430ghsax_refsource_MISCWEB
- www.npmjs.com/package/adb-driverghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.