CVE-2020-7738 Vulnerability in npm package shiba

Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2022-1291 Vulnerability in maven package org.webjars.npm:github-com-hhurz-tableexport-jquery-plugin

CVE-2023-30525 Vulnerability in maven package org.jenkins-ci.plugins:reportportal

CVE-2020-2298 Vulnerability in maven package org.jenkins-ci.plugins:nerrvana-plugin

CVE-2019-10360 Vulnerability in maven package org.jenkins-ci.plugins.m2release:m2release

CVE-2019-10295 Vulnerability in maven package org.jenkins-ci.plugins:crittercism-dsym

Severity

Critical

Description

Remediation

References

Related Vulnerabilities

Severity

Tags

Take action and discover your vulnerabilities