Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2020-1719 Vulnerability in maven package org.wildfly.bom:wildfly

CVE-2020-36629 Vulnerability in npm package httpster

CVE-2019-10335 Vulnerability in maven package org.jenkins-ci.plugins:electricflow

CVE-2017-18869 Vulnerability in maven package org.webjars.npm:chownr

CVE-2022-41249 Vulnerability in maven package com.meowlomo.jenkins:scm-httpclient

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Tags

Third Party Advisory NVD-CWE-noinfo