Description

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:

Remediation

References

https://github.com/skoranga/node-connection-tester/pull/10

https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337

Related Vulnerabilities

CVE-2021-23452 Vulnerability in npm package x-assign

CVE-2022-24197 Vulnerability in maven package com.itextpdf:itext7-core

CVE-2021-23377 Vulnerability in npm package onion-oled-js

CVE-2022-2218 Vulnerability in npm package parse-url

CVE-2017-16006 Vulnerability in npm package remarkable

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory Exploit