Description
An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file.
Remediation
References
https://devhub.checkmarx.com/cve-details/Cx8b24ace3-0c9a/
https://devhub.checkmarx.com/cve-details/cve-2023-46498/
Related Vulnerabilities
CVE-2022-0272 Vulnerability in maven package io.gitlab.arturbosch.detekt:detekt-core
CVE-2023-26129 Vulnerability in npm package bwm-ng
CVE-2020-26259 Vulnerability in maven package com.thoughtworks.xstream:xstream
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.12
CVE-2016-0779 Vulnerability in maven package org.apache.tomee:openejb-core