Description
Valine v1.4.18 was discovered to contain a remote code execution (RCE) vulnerability which allows attackers to execute arbitrary code via a crafted POST request.
Remediation
References
https://github.com/xCss/Valine/issues/400
Related Vulnerabilities
CVE-2016-7103 Vulnerability in maven package org.webjars:jquery-ui
CVE-2015-8858 Vulnerability in maven package org.webjars.npm:uglify-js
CVE-2022-25921 Vulnerability in npm package morgan-json
CVE-2021-21636 Vulnerability in maven package org.jenkins-ci.plugins:tfs
CVE-2022-25927 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js