Description
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
Remediation
References
https://snyk.io/vuln/SNYK-JS-SHIBA-596466
Related Vulnerabilities
CVE-2022-25349 Vulnerability in maven package org.webjars.npm:materialize-css
CVE-2023-40338 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-folder
CVE-2019-14863 Vulnerability in maven package org.webjars.npm:angular
CVE-2018-6184 Vulnerability in npm package next
CVE-2021-21298 Vulnerability in npm package @node-red/runtime