CVE-2020-7738 Vulnerability in npm package shiba

Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2019-12419 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-oidc

CVE-2020-35210 Vulnerability in maven package io.atomix:atomix

CVE-2021-32702 Vulnerability in npm package nextjs-auth0

CVE-2022-25301 Vulnerability in npm package jsgui-lang-essentials

CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner

Severity

Critical

Description

Remediation

References

Related Vulnerabilities

Severity

Tags

Take action and discover your vulnerabilities