Description
This affects all versions of package buns. The injection point is located in line 678 in index file lib/index.js in the exported function install(requestedModule).
Remediation
References
https://snyk.io/vuln/SNYK-JS-BUNS-1050389
Related Vulnerabilities
CVE-2022-36896 Vulnerability in maven package com.compuware.jenkins:compuware-scm-downloader
CVE-2021-37533 Vulnerability in maven package commons-net:commons-net
CVE-2018-17192 Vulnerability in maven package org.apache.nifi:nifi-jetty-bundle
CVE-2020-13936 Vulnerability in maven package org.apache.velocity:velocity-engine-core
CVE-2023-31206 Vulnerability in maven package org.apache.inlong:manager-pojo