Description
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:
Remediation
References
https://snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434
Related Vulnerabilities
CVE-2022-41401 Vulnerability in maven package org.openrefine:main
CVE-2019-15955 Vulnerability in npm package total.js
CVE-2020-28472 Vulnerability in npm package @aws-sdk/shared-ini-file-loader
CVE-2019-15602 Vulnerability in npm package fileview
CVE-2019-10453 Vulnerability in maven package org.jenkins-ci.plugins:delphix