CVE-2020-28439 Vulnerability in npm package corenlp-js-prefab

Description

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:

Remediation

References

https://snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434

Related Vulnerabilities

CVE-2018-1336 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

CVE-2020-7746 Vulnerability in maven package org.webjars.bowergithub.chartjs:chart.js

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-logparser

CVE-2023-50709 Vulnerability in npm package @cubejs-backend/api-gateway

CVE-2022-41654 Vulnerability in npm package ghost

Severity

Critical

Classification

CWE-78