Description
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Remediation
References
https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
https://github.com/rhysd/Shiba/issues/42
Related Vulnerabilities
CVE-2020-36641 Vulnerability in maven package fr.turri:axmlrpc
CVE-2020-28360 Vulnerability in npm package private-ip
CVE-2020-26217 Vulnerability in maven package org.jvnet.hudson:xstream
CVE-2016-1000346 Vulnerability in maven package org.bouncycastle:bcprov-jdk15on
CVE-2022-29230 Vulnerability in npm package @shopify/hydrogen