WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-1000491 Vulnerability in npm package shiba

Description

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Remediation

References

https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

https://github.com/rhysd/Shiba/issues/42

Related Vulnerabilities

CVE-2022-28220 Vulnerability in maven package org.apache.james.protocols:protocols-netty

CVE-2008-6504 Vulnerability in maven package opensymphony:xwork

CVE-2022-29172 Vulnerability in npm package auth0-lock

CVE-2021-25948 Vulnerability in npm package expand-hash

CVE-2022-24377 Vulnerability in npm package cycle-import-check

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Issue Tracking