Description

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:

Remediation

References

https://snyk.io/vuln/SNYK-JS-CORENLPJSPREFAB-1050434

Related Vulnerabilities

CVE-2017-7677 Vulnerability in maven package org.apache.ranger:ranger

CVE-2022-40150 Vulnerability in maven package org.codehaus.jettison:jettison

CVE-2014-10067 Vulnerability in npm package paypal-ipn

CVE-2022-1291 Vulnerability in maven package org.webjars.bower:tableexport.jquery.plugin

CVE-2014-3655 Vulnerability in maven package org.keycloak:keycloak-services

Severity

Critical

Classification

CWE-78

Tags

Third Party Advisory