Description
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
Remediation
References
https://hackerone.com/reports/703412
Related Vulnerabilities
CVE-2022-29078 Vulnerability in maven package org.webjars.npm:ejs
CVE-2017-16207 Vulnerability in npm package discordi.js
CVE-2020-15366 Vulnerability in npm package ajv
CVE-2015-7940 Vulnerability in maven package org.bouncycastle:bcprov-jdk14
CVE-2023-22621 Vulnerability in npm package @strapi/plugin-email