Description
This affects all versions of package ts-process-promises. The injection point is located in line 45 in main entry of package in lib/process-promises.js. The vulnerability is demonstrated with the following PoC:
Remediation
References
https://snyk.io/vuln/SNYK-JS-TSPROCESSPROMISES-1048334
Related Vulnerabilities
CVE-2018-20190 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2017-16114 Vulnerability in npm package marked
CVE-2017-16178 Vulnerability in npm package intsol-package
CVE-2020-8929 Vulnerability in maven package com.google.crypto.tink:tink
CVE-2020-24164 Vulnerability in maven package com.taoensso:nippy