GHSA-66ww-999q-mffq

Опубликовано: 18 мар. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.8

Описание

Arbitrary code execution in post-loader

post-loader is webpack loader for blog posts written in Markdown. The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. At this time, there is no known workaround or patch available.

Ссылки

Пакеты

Наименование

post-loader

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

EPSS

Процентиль: 79%

0.01201

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-0748

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-0748

CVSS3: 9.8

nvd

почти 4 года назад

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.

EPSS

Процентиль: 79%

0.01201

Низкий

9.8 Critical

CVSS3

CVE ID

CVE-2022-0748

Дефекты

CWE-79