RSS   Vulnerabilities for 'Shiba'   RSS

2020-10-02
 
CVE-2020-7738

NVD-CWE-noinfo
 

 
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

 
2018-01-02
 
CVE-2017-1000491

CWE-79
 

 
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

 


Copyright 2024, cxsecurity.com

 

Back to Top