Description
This affects all versions of package node-import. The "params" argument of module function can be controlled by users without any sanitization.b. This is then provided to the “eval” function located in line 79 in the index file "index.js".
Remediation
References
https://github.com/mahdaen/node-import/blob/master/index.js%23L79
https://security.snyk.io/vuln/SNYK-JS-NODEIMPORT-571691
Related Vulnerabilities
CVE-2017-15692 Vulnerability in maven package org.apache.geode:geode-core
CVE-2022-36919 Vulnerability in maven package org.jenkins-ci.plugins:coverity
CVE-2017-16226 Vulnerability in maven package org.webjars.npm:static-eval
CVE-2023-37895 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webapp