Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Arbitrary Code Execution
Vulnerability Description
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
N/A
Vulnerability Title
post-loader 跨站脚本漏洞
Vulnerability Description
post-loader是中国EGOIST个人开发者的一个 Webpack 加载器。用于用 Markdown 编写博客文章。 post-loader 存在跨站脚本漏洞,该漏洞源于不安全的方式使用 markdown 解析器,因此 markdown 输入文件中的任何 javascript 代码都会被评估和执行。该漏洞影响以下产品:post-loader 从 0.0.0.0 版本以后所有版本。
CVSS Information
N/A
Vulnerability Type
N/A