Description
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Remediation
References
https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
https://github.com/rhysd/Shiba/issues/42
Related Vulnerabilities
CVE-2022-22965 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2022-27952 Vulnerability in npm package payload
CVE-2023-2976 Vulnerability in maven package com.google.guava:guava
CVE-2020-28479 Vulnerability in npm package jointjs
CVE-2018-18628 Vulnerability in maven package ro.pippo:pippo-core