Description
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
Remediation
References
https://snyk.io/vuln/SNYK-JS-SHIBA-596466
Related Vulnerabilities
CVE-2022-43432 Vulnerability in maven package org.jenkins-ci.plugins:xframium
CVE-2021-21118 Vulnerability in maven package org.webjars.npm:electron
CVE-2022-36025 Vulnerability in maven package org.hyperledger.besu:evm
CVE-2023-35147 Vulnerability in maven package org.jenkins-ci.plugins:aws-codecommit-trigger
CVE-2020-2245 Vulnerability in maven package org.jenkins-ci.plugins:valgrind