Shiba Project: Security Vulnerabilities
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
CVSS Score
8.3
EPSS Score
0.008
Published
2020-10-02
Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-01-03