Vulnerabilities > CVE-2020-7738 - Unspecified vulnerability in Shiba Project Shiba

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

shiba-project

NVD

Published: 2020-10-02

Updated: 2020-10-06

Summary

All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().

Vulnerable Configurations

Part	Description	Count
Application	Shiba_Project Shiba Project Shiba *	1

References

https://snyk.io/vuln/SNYK-JS-SHIBA-596466