WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2020-28464 Vulnerability in npm package djv

Description

This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.

Remediation

References

https://github.com/korzio/djv/blob/master/lib/utils/properties.js%23L55

https://github.com/korzio/djv/pull/98/files

https://snyk.io/vuln/SNYK-JS-DJV-1014545

Related Vulnerabilities

CVE-2022-21680 Vulnerability in npm package marked

CVE-2023-47322 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2021-23436 Vulnerability in npm package immer

CVE-2020-11971 Vulnerability in maven package org.apache.camel:camel-api

CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty:jetty-http

Severity

Critical

Classification

CWE-94

Tags

Broken Link Patch Third Party Advisory Exploit