CVE-2020-7738 Vulnerability in npm package shiba

Description

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Remediation

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466

Related Vulnerabilities

CVE-2022-36313 Vulnerability in maven package org.webjars.npm:file-type

CVE-2019-10785 Vulnerability in maven package org.webjars.bowergithub.dojo:dojox

CVE-2017-1000228 Vulnerability in maven package org.webjars.npm:ejs

CVE-2019-19771 Vulnerability in npm package wbe3

CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common

Severity

Critical

Description

Remediation

References

Related Vulnerabilities

Severity

Tags

Take action and discover your vulnerabilities