Description
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
Remediation
References
https://snyk.io/vuln/SNYK-JS-SHIBA-596466
Related Vulnerabilities
CVE-2019-12419 Vulnerability in maven package org.apache.cxf:cxf-rt-rs-security-sso-oidc
CVE-2020-35210 Vulnerability in maven package io.atomix:atomix
CVE-2021-32702 Vulnerability in npm package nextjs-auth0
CVE-2022-25301 Vulnerability in npm package jsgui-lang-essentials
CVE-2019-16542 Vulnerability in maven package org.jenkins-ci.plugins:anchore-container-scanner