Skip to main content

Post Loader

1 CVEs product

Monthly

CVE-2022-0748 npm CRITICAL POC Act Now

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Post Loader
NVD
CVSS 3.1
9.8
EPSS
2.0%
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Post Loader
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy