Description
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
Remediation
References
https://snyk.io/vuln/SNYK-JS-POSTLOADER-2403737
Related Vulnerabilities
CVE-2020-23811 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2018-20677 Vulnerability in npm package bootstrap
CVE-2020-28482 Vulnerability in npm package fastify-csrf
CVE-2023-1454 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-common
CVE-2020-13946 Vulnerability in maven package org.apache.cassandra:cassandra-all