Description
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
Remediation
References
https://hackerone.com/reports/703412
Related Vulnerabilities
CVE-2019-12041 Vulnerability in npm package remarkable
CVE-2020-13956 Vulnerability in maven package org.apache.httpcomponents.client5:httpclient5
CVE-2020-6460 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-29425 Vulnerability in maven package commons-io:commons-io
CVE-2017-16670 Vulnerability in maven package com.smartbear.soapui:soapui-project