Description
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
Remediation
References
https://snyk.io/vuln/SNYK-JS-POSTLOADER-2403737
Related Vulnerabilities
CVE-2023-35142 Vulnerability in maven package com.checkmarx.jenkins:checkmarx
CVE-2022-39366 Vulnerability in maven package io.acryl:datahub-client
CVE-2022-25948 Vulnerability in npm package liquidjs
CVE-2021-3766 Vulnerability in npm package objection
CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-api