Description
This affects the package connection-tester before version 0.2.1. The injection point is at line 15 of index.js. The following PoC demonstrates the vulnerability:
Remediation
References
https://github.com/skoranga/node-connection-tester/pull/10
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337