CVE-2020-28439

Summary

This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:

Affected Software

VendorProductVersion RangeStatus
n/acorenlp-js-prefab0 < unspecifiedaffected

Weaknesses

  • Command Injection

ADP Enrichment

CVE Program Container

Additional References

References