Description
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
Remediation
References
https://hackerone.com/reports/703412
Related Vulnerabilities
CVE-2022-36904 Vulnerability in maven package org.jenkins-ci.plugins:repository-connector
CVE-2017-4974 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common
CVE-2019-12043 Vulnerability in maven package org.webjars.bowergithub.jonschlinkert:remarkable
CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css