Remote Code Execution (RCE)
Overview djv is a dynamic json-schema validator Affected versions of this package are vulnerable to Remote Code Execution RCE. By controlling the schema file, an attacker can run arbitrary JavaScript code on the victim machine. POC: const djv = require'djv'; const env = new djv; const evilSchema ...