Description

This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:

Remediation

References

https://github.com/skoranga/node-connection-tester/pull/10

https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337

Related Vulnerabilities

CVE-2020-7768 Vulnerability in maven package org.webjars.npm:grpc

CVE-2021-25931 Vulnerability in maven package org.opennms:opennms-webapp

CVE-2022-35917 Vulnerability in npm package @solana/pay

CVE-2020-1954 Vulnerability in maven package org.apache.cxf:cxf-rt-management

CVE-2019-17426 Vulnerability in maven package org.webjars.npm:mongoose

Severity

Critical

Classification

CWE-78

Tags

Patch Third Party Advisory Exploit