Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-1000491 Vulnerability in npm package shiba

Description

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Remediation

References

https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

https://github.com/rhysd/Shiba/issues/42

Related Vulnerabilities

CVE-2020-26289 Vulnerability in npm package date-and-time

CVE-2021-21414 Vulnerability in npm package @prisma/sdk

CVE-2022-25948 Vulnerability in npm package liquidjs

CVE-2017-2600 Vulnerability in maven package org.jenkins-ci.main:jenkins-core

CVE-2022-42466 Vulnerability in maven package org.apache.isis.commons:isis-commons

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Issue Tracking