Description
A code injection exists in node-df v0.1.4 that can allow an attacker to remote code execution by unsanitized input.
Remediation
References
https://hackerone.com/reports/703412
Related Vulnerabilities
CVE-2021-27905 Vulnerability in maven package org.apache.solr:solr-core
CVE-2020-10672 Vulnerability in maven package com.fasterxml.jackson.core:jackson-databind
CVE-2022-4742 Vulnerability in maven package org.webjars.npm:json-pointer
CVE-2022-24760 Vulnerability in npm package parse-server
CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.12