Description
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
Remediation
References
https://github.com/xCss/Valine/issues/400
Related Vulnerabilities
CVE-2020-14967 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2020-7709 Vulnerability in npm package json-pointer
CVE-2021-21165 Vulnerability in maven package org.webjars.npm:electron
CVE-2019-10795 Vulnerability in maven package org.webjars.npm:undefsafe
CVE-2018-3722 Vulnerability in maven package org.webjars.npm:merge-deep