CVE-2020-7738 Vulnerability in npm package shiba

Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2022-25869 Vulnerability in maven package org.webjars.bower:angular

CVE-2021-23400 Vulnerability in npm package nodemailer

CVE-2016-10597 Vulnerability in npm package cobalt-cli

CVE-2017-16125 Vulnerability in npm package rtcmulticonnection-client

CVE-2017-16039 Vulnerability in npm package hftp

Severity

Critical

Description

Remediation

References

Related Vulnerabilities

Severity

Tags

Take action and discover your vulnerabilities