WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-1000491 Vulnerability in npm package shiba

Description

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Remediation

References

https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

https://github.com/rhysd/Shiba/issues/42

Related Vulnerabilities

CVE-2020-26274 Vulnerability in npm package systeminformation

CVE-2014-0050 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core

CVE-2021-31811 Vulnerability in maven package org.apache.pdfbox:pdfbox

CVE-2023-39522 Vulnerability in npm package @goauthentik/api

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Issue Tracking