11 matches found
EUVD-2021-1127
Malware in sbrugna...
OESA-2022-1544 nodejs-grunt security update
Grunt is the JavaScript task runner. Why use a task runner? In one word: automation. The less work you have to do when performing repetitive tasks like minification, compilation, unit testing, linting, etc, the easier your job becomes. After you've configured it, a task runner can do most of that...
GHSA-JVF4-G24P-2QGW Arbitrary Code Execution in shiba
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement, safeLoad...
GHSA-M5PJ-VJJF-4M3H Arbitrary Code Execution in grunt
The package grunt before 1.3.0 is vulnerable to Arbitrary Code Execution due to the default usage of the function load instead of its secure replacement safeLoad of the package js-yaml inside grunt.file.readYAML...
CVE-2020-7738
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement, safeLoad...
Code injection
All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement, safeLoad...
CVE-2020-7738
CVE-2020-7738 affects the shiba package. The root cause is the use of js-yaml.load() instead of the secure js-yaml.safeLoad(), enabling Arbitrary Code Execution. Affected: all shiba versions; impact: arbitrary code execution; remediation: Snyk notes no fixed shiba version yet. References include ...
Arbitrary Code Execution
Overview: shiba is a Live markdown previewer with linter. Affected versions of this package are vulnerable to Arbitrary Code Execution due to the default usage of the function load of the package js-yaml instead of its secure replacement, safeLoad. Remediation: There is no fixed version for shiba...
Code Injection in js-yaml
Versions of js-yaml prior to 3.13.1 are vulnerable to Code Injection. The load function may execute arbitrary code injected through a malicious YAML file. Objects that have toString as key, JavaScript code as value and are used as explicit mapping keys allow attackers to execute the supplied code...
Deserialization Code Execution in js-yaml
Versions 2.0.4 and earlier of js-yaml are affected by a code execution vulnerability in the YAML deserializer. Proof of Concept:

    const yaml = require('js-yaml');
    const x = `test: !!js/function >
      function f() {
        console.log(1);
      }();`
    yaml.load(x);

Recommendation: Update js-yaml to version 2.0.5 or later, and ensure...
Deserialization Code Execution
Overview: Versions 2.0.4 and earlier of js-yaml are affected by a code execution vulnerability in the YAML deserializer. Proof of Concept:

    const yaml = require('js-yaml');
    const x = `test: !!js/function >
      function f() {
        console.log(1);
      }();`
    yaml.load(x);

Recommendation: Update js-yaml to version 2.0.5 or later, and...