Description

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:

Remediation

References

https://github.com/skoranga/node-connection-tester/pull/10

https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337

Related Vulnerabilities

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-api

CVE-2022-44262 Vulnerability in maven package org.ff4j:ff4j-core

CVE-2018-1272 Vulnerability in maven package org.springframework:spring-core

CVE-2021-23341 Vulnerability in npm package prismjs

CVE-2023-26158 Vulnerability in npm package mockjs

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory Exploit