Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qcjY0LXBnZ3Itajh4as4AAXiq
Shiba vulnerable to XSS leading to code execution
Shiba, a markdown live preview app, is vulnerable in version 1.1.0 to XSS, which leads to code execution because Node integration is enabled.
Permalink: https://github.com/advisories/GHSA-jr64-pggr-j8xj
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcjY0LXBnZ3Itajh4as4AAXiq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 25 days ago
CVSS Score: 6.1
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-jr64-pggr-j8xj, CVE-2017-1000491
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000491
- https://github.com/rhysd/Shiba/issues/42
- https://github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab
- https://github.com/advisories/GHSA-jr64-pggr-j8xj
Blast Radius: 0.0
Affected Packages
npm:shiba
Dependent packages: 0
Dependent repositories: 1
Downloads: 123 last month
Affected Version Ranges: < 1.1.1
Fixed in: 1.1.1
All affected versions: 0.0.1, 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.3.0, 0.3.1, 0.3.2, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.3.12, 0.4.0, 0.4.1, 0.4.2, 0.4.4, 0.5.0, 0.5.1, 0.5.2, 0.6.0, 0.6.1, 0.6.2, 0.7.0, 0.7.1, 0.7.2, 0.7.3, 0.7.4, 0.7.5, 0.7.6, 0.8.0, 0.9.0, 0.10.1, 0.11.1, 0.11.2, 0.11.3, 1.0.0, 1.0.2, 1.0.3, 1.0.4, 1.1.0
All unaffected versions: 1.1.1, 1.1.2, 1.2.0, 1.2.1