Description
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
Remediation
References
https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
https://github.com/rhysd/Shiba/issues/42
Related Vulnerabilities
CVE-2010-2057 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl
CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace
CVE-2023-4759 Vulnerability in maven package org.eclipse.jgit:org.eclipse.jgit
CVE-2023-46131 Vulnerability in maven package org.grails:grails-encoder
CVE-2021-21363 Vulnerability in maven package io.swagger:swagger-generator