Description
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
Remediation
References
https://github.com/skoranga/node-connection-tester/pull/10
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337
Related Vulnerabilities
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2021-21412 Vulnerability in npm package egf
CVE-2014-3596 Vulnerability in maven package org.apache.axis:axis
CVE-2021-25915 Vulnerability in npm package changeset
CVE-2023-6293 Vulnerability in npm package sequelize-typescript