CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab

Description

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:

Remediation

References

https://snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434

Related Vulnerabilities

CVE-2019-20921 Vulnerability in npm package bootstrap-select

CVE-2021-25929 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2019-10337 Vulnerability in maven package org.jenkins-ci.plugins:token-macro

CVE-2020-28459 Vulnerability in npm package markdown-it-decorate

CVE-2020-28480 Vulnerability in maven package org.webjars.npm:jointjs

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H