Description

All versions of package corenlp-js-interface are vulnerable to Command Injection via the main function.

Remediation

References

https://snyk.io/vuln/SNYK-JS-CORENLPJSINTERFACE-1050435

Related Vulnerabilities

CVE-2019-18213 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.web

CVE-2020-8203 Vulnerability in maven package org.webjars:lodash

CVE-2017-2585 Vulnerability in maven package org.keycloak:keycloak-server-spi-private

CVE-2018-3818 Vulnerability in npm package kibana

CVE-2019-10475 Vulnerability in maven package org.jenkins-ci.plugins:build-metrics

Severity

Critical

Classification

CWE-78 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Third Party Advisory