Description
This affects the package connection-tester before 0.2.1. The injection point is at line 15 of index.js. The following PoC demonstrates the vulnerability:
Remediation
References
https://github.com/skoranga/node-connection-tester/pull/10
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337