Lucene search

GitHub Advisory DatabaseGHSA-JR64-PGGR-J8XJ

HistoryMay 14, 2022 - 3:49 a.m.

Shiba vulnerable to XSS leading to code execution

2022-05-1403:49:58

CWE-79

GitHub Advisory Database

github.com

shiba

markdown

live preview

xss

code execution

node integration

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration.

Affected configurations

Vulners

Node

shiba_projectshibaRange<1.1.1

VendorProductVersionCPE
shiba_projectshiba*cpe:2.3:a:shiba_project:shiba:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shiba_project	shiba	*	cpe:2.3:a:shiba_project:shiba::::::::

References

github.com/advisories/GHSA-jr64-pggr-j8xj

github.com/rhysd/Shiba/commit/e8a65b0f81eb04903eedd29500d7e1bedf249eab

github.com/rhysd/Shiba/issues/42

nvd.nist.gov/vuln/detail/CVE-2017-1000491

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Related for GHSA-JR64-PGGR-J8XJ