Here’s a Proof-Of-Concept for CVE-2022-32511 to Gain Remote Code Execution
Too Long; Didn't Read
Affected versions of this package are vulnerable to Deserialization of Untrusted Data because they use `JSON.load`, which is considered unsafe when used with untrusted input. To reproduce the steps, we first need to install JMESPath 1.6.0 or earlier. Then pick the desired payload; I have picked one from pentestmonkey.net/cheat-sheet/shells/reverse-shells.
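Why loading JSON with additions enabled is unsafe for untrusted input, shown as an added example that is not code from the original article or from the JMESPath project. The `Marker` class, the helper names and the sample document are constructed for illustration; the parser options used are those of Ruby's standard `json` library.

```ruby
require "json"

# Constructed, harmless stand-in for any class that defines json_create.
class Marker
  @created = 0
  class << self
    attr_accessor :created
    def json_create(obj)
      self.created += 1
      new
    end
  end
end

# Constructed sample input: "json_class" is the default JSON.create_id key.
UNTRUSTED = '{"json_class":"Marker","note":"constructed sample"}'

# Unsafe pattern: additions enabled, so the parser hands the object to
# Marker.json_create. Older json releases turn this on by default in JSON.load.
def parse_with_additions(text)
  JSON.parse(text, create_additions: true)
end

# Hardened form: additions explicitly off; only Hash/Array/scalars come back.
def parse_untrusted(text)
  JSON.parse(text, create_additions: false)
end

# Detection helper: paths of every create_id key in already-parsed data,
# useful for logging or rejecting input that tries to name a class.
def create_id_paths(node, path = "$")
  case node
  when Hash
    hits = node.key?(JSON.create_id) ? ["#{path}.#{JSON.create_id}"] : []
    hits + node.flat_map { |k, v| create_id_paths(v, "#{path}.#{k}") }
  when Array
    node.each_with_index.flat_map { |v, i| create_id_paths(v, "#{path}[#{i}]") }
  else
    []
  end
end
```

With additions off, the attacker-chosen class name stays an inert string in a Hash, and `create_id_paths` gives a cheap signal for alerting on input that attempts to name a class.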