Description
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
Remediation
References
https://github.com/xCss/Valine/issues/400
Related Vulnerabilities
CVE-2021-34429 Vulnerability in maven package org.eclipse.jetty:jetty-webapp
CVE-2022-22984 Vulnerability in npm package snyk-gradle-plugin
CVE-2023-27087 Vulnerability in maven package com.xuxueli:xxl-job
CVE-2022-25354 Vulnerability in npm package set-in
CVE-2022-31139 Vulnerability in maven package io.github.karlatemp:unsafe-accessor