Description
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Remediation
References
https://github.com/korzio/djv/blob/master/lib/utils/properties.js#L55
https://github.com/korzio/djv/pull/98/files
https://snyk.io/vuln/SNYK-JS-DJV-1014545