Vulnerability Details CVE-2020-28439
This affects all versions of package corenlp-js-prefab. The injection point is located in line 10 in 'index.js.' It depends on a vulnerable package 'corenlp-js-interface.' Vulnerability can be exploited with the following PoC:
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2020-28439
-
cpe:2.3:a:corenlp-js-prefab_project:corenlp-js-prefab:-