WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-1000491 Vulnerability in npm package shiba

Description

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Remediation

References

https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

https://github.com/rhysd/Shiba/issues/42

Related Vulnerabilities

CVE-2022-41933 Vulnerability in maven package org.xwiki.platform:xwiki-platform-security-authentication-default

CVE-2017-16129 Vulnerability in maven package org.webjars.npm:superagent

CVE-2023-47327 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web

CVE-2022-1440 Vulnerability in npm package git-interface

CVE-2020-7793 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Issue Tracking