Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2021-30246 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign

CVE-2014-10064 Vulnerability in maven package org.webjars:qs

CVE-2020-7660 Vulnerability in npm package serialize-javascript

CVE-2022-25857 Vulnerability in maven package org.yaml:snakeyaml

CVE-2022-38900 Vulnerability in maven package org.webjars.bowergithub.samverschueren:decode-uri-component

Severity

Critical

Tags

Third Party Advisory NVD-CWE-noinfo