Description
This affects the package djv before 2.1.4. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine.
Recommendation
Update the djv package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.1.4
- Patched version(s): 2.1.4
References
Related Issues
- Trix Editor Arbitrary Code Execution Vulnerability - CVE-2024-34341
- Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code - CVE-2023-45133
- xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection - CVE-2020-28502
- xmlhttprequest and xmlhttprequest-ssl vulnerable to Arbitrary Code Injection (GHSA-h4j5-c7cj-74xg) - CVE-2020-28502
- Tags:
- npm
- djv
Anything's wrong? Let us know Last updated on February 01, 2023