All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement , safeLoad().
NVD-CWE-noinfo
CVE-2020-7742
This affects the package simpl-schema before 1.10.2.
CVE-2020-7754
This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters.
CVE-2020-7761
This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails.
CVE-2020-7765
This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program.
CVE-2020-7677
This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization.
