PT-2020-19755 · Js Yaml+1 · Js-Yaml+1

Published

2020-10-02

Updated

2021-05-10

CVE-2020-7738

CVSS v3.1

8.3

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Name of the Vulnerable Software and Affected Versions shiba versions (affected versions not specified)

Description The issue concerns Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-7738

GHSA-JVF4-G24P-2QGW

SNYK-JS-SHIBA-596466

Affected Products

Js-Yaml

Shiba

PT-2020-19755 · Js Yaml+1 · Js-Yaml+1

CVE-2020-7738

Weakness Enumeration

Related Identifiers

Affected Products

References · 5