Remote Code Execution (RCE)

post-loader is vulnerable to remote code execution. The vulnerability exists due to a lack of sanitization in an unsecure parser which allows an attacker to execute maliciously crafted script in the system...

GHSA-66WW-999Q-MFFQ Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there...

@kamilic-pkg/toolbox (>=1.0.0 <=1.1.0), @q7/cli (>=0.0.2 <=0.2.0) +8 more potentially affected by CVE-2022-0748 via post-loader (>=1.1.2 <=2.0.0)

post-loader NPM version =1.1.2, =1.0.0, =0.0.2, =0.0.2, =0.1.0, =0.0.4, =0.0.1, =2.6.21, =0.0.2, =0.0.4 Source cves: CVE-2022-0748 Source advisory: OSV:GHSA-66WW-999Q-MFFQ...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

CVE-2022-0748

CVE-2022-0748 affects the post-loader package (Webpack loader for Markdown blog posts). The root cause is unsafe handling of a Markdown parser which allows JavaScript in Markdown inputs to be evaluated and executed, enabling arbitrary code execution. Affected versions are 0.0.0 and later. Public ...

CVE-2022-0748

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed...

PT-2022-13408 · Unknown · Post-Loader

Name of the Vulnerable Software and Affected Versions: post-loader versions 0.0.0 and later Description: The issue concerns the post-loader package, which is a webpack loader for blog posts written in Markdown. It is vulnerable to Arbitrary Code Execution due to the use of a markdown parser in an...

post-loader 跨站脚本漏洞

post-loader is a Webpack loader for China EGOIST individual developers. It is used to write blog posts in Markdown. A cross-site scripting vulnerability exists in post-loader, which stems from the use of the markdown parser in an insecure manner, so that any javascript code in a markdown input fi...

@kamilic-pkg/toolbox (>=1.0.0 <=1.1.0), @q7/cli (>=0.0.2 <=0.2.0) +8 more potentially affected by CVE-2022-0748 via post-loader (>=1.1.2 <=2.0.0)

post-loader NPM version =1.1.2, =1.0.0, =0.0.2, =0.0.2, =0.1.0, =0.0.4, =0.0.1, =2.6.21, =0.0.2, =0.0.4 Source cves: CVE-2022-0748 Source advisory: SNYK:JS-POSTLOADER-2403737...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. PoC js const postLoader = require'post-loader' var payload =...