Description

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:

Remediation

References

https://snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434

Related Vulnerabilities

CVE-2022-24891 Vulnerability in maven package org.owasp.esapi:esapi

CVE-2014-3743 Vulnerability in npm package marked

CVE-2020-2190 Vulnerability in maven package org.jenkins-ci.plugins:script-security

CVE-2017-16091 Vulnerability in npm package xtalk

CVE-2017-14063 Vulnerability in maven package org.asynchttpclient:async-http-client-project

Severity

Critical

Classification

CWE-78

Tags

Third Party Advisory