CVE-2017-1000491 – shiba

Package

Manager: npm
Name: shiba
Vulnerable Version: >=0 <1.1.1

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00369 pctl0.57947

Details

Shiba vulnerable to XSS leading to code execution Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Metadata

Created: 2022-05-14T03:49:58Z
Modified: 2024-04-22T23:11:42Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-jr64-pggr-j8xj/GHSA-jr64-pggr-j8xj.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-jr64-pggr-j8xj
Finding: F425
Auto approve: 1