Description

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Remediation

References

https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

https://github.com/rhysd/Shiba/issues/42

Related Vulnerabilities

CVE-2010-2057 Vulnerability in maven package org.apache.myfaces.trinidad:trinidad-impl

CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace

CVE-2023-4759 Vulnerability in maven package org.eclipse.jgit:org.eclipse.jgit

CVE-2023-46131 Vulnerability in maven package org.grails:grails-encoder

CVE-2021-21363 Vulnerability in maven package io.swagger:swagger-generator

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Patch Third Party Advisory Issue Tracking