Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2021-23673 Vulnerability in npm package pekeupload

CVE-2022-25898 Vulnerability in maven package org.webjars.bower:jsrsasign

CVE-2019-10433 Vulnerability in maven package com.ztbsuper:dingding-notifications

CVE-2015-9239 Vulnerability in npm package ansi2html

CVE-2020-28052 Vulnerability in maven package org.bouncycastle:bcprov-debug-jdk15on

Severity

Critical

Tags

Third Party Advisory NVD-CWE-noinfo