npm package
shiba
pkg:npm/shiba
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-7738 | — | <= 1.2.1 | — | Oct 2, 2020 | All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad(). | ||
| CVE-2017-1000491 | — | < 1.1.1 | 1.1.1 | Jan 3, 2018 | Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. |
- CVE-2020-7738Oct 2, 2020affected <= 1.2.1
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
- CVE-2017-1000491Jan 3, 2018affected < 1.1.1fixed 1.1.1
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.