2 matches found
@gitldy1013/vuepress-theme-ldy (>=1.1.2 <=1.1.3), @next-theme/plugins (>=0.0.2 <=8.1.0) +20 more potentially affected by CVE-2022-38545 via valine (>=1.3.10 <=1.4.4)
valine NPM version =1.3.10, =1.1.2, =0.0.2, =1.0.0, =2.0.0-beta.0, =1.0.11, =0.0.1, =1.0.0, =1.0.0, =1.0.8-alpha.5, =1.1.2, =1.2.1, =1.6.4 - vuepress-theme-moon =2.0.0-beta.68 and more Source cves: CVE-2022-38545 Source advisory: OSV:GHSA-MCVG-G9WX-V5VX...
CVE-2022-38545
Valine 1.4.18 contains a remote code execution (RCE) vulnerability that allows an attacker to execute arbitrary code via a crafted POST request. The CVE-2022-38545 entry is rated CRITICAL (CVSS 3.1) with network attack, low attack complexity, no privileges required, and user interaction required;...