Description
This affects the package connection-tester before 0.2.1. The injection point is located in line 15 in index.js. The following PoC demonstrates the vulnerability:
Remediation
References
https://github.com/skoranga/node-connection-tester/pull/10
https://snyk.io/vuln/SNYK-JS-CONNECTIONTESTER-1048337
Related Vulnerabilities
CVE-2023-37914 Vulnerability in maven package org.xwiki.platform:xwiki-platform-invitation-ui
CVE-2021-29469 Vulnerability in npm package redis
CVE-2020-15152 Vulnerability in npm package ftp-srv
CVE-2021-32808 Vulnerability in npm package ckeditor4
CVE-2022-41918 Vulnerability in maven package org.opensearch.plugin:opensearch-security