Description
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
Remediation
References
https://hackerone.com/reports/703412
Related Vulnerabilities
CVE-2023-38507 Vulnerability in npm package @strapi/plugin-users-permissions
CVE-2018-3734 Vulnerability in npm package stattic
CVE-2018-11615 Vulnerability in npm package mosca
CVE-2019-9212 Vulnerability in maven package com.alipay.sofa:hessian
CVE-2020-28267 Vulnerability in npm package @strikeentco/set