GHSA-2ggq-vfcp-gwhj

Опубликовано: 04 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 6.5

Описание

Cross-Site Scripting in @hapi/boom

Versions of @hapi/boom prior to 0.3.8 are vulnerable to Cross-Site Scripting (XSS). The package fails to properly escape error messages, which may allow attackers to execute arbitrary JavaScript in a victim's browser.

Recommendation

Upgrade to version 0.3.8 or later.

Ссылки

https://github.com/hapijs/boom/commit/0f8640bdba65aec6e6799bfc16ff5753150bfcaf
https://snyk.io/vuln/SNYK-JS-HAPIBOOM-541183

Пакеты

Наименование

@hapi/boom

npm

Затронутые версииВерсия исправления

< 0.3.8

0.3.8

6.5 Medium

CVSS3

Дефекты

CWE-79

6.5 Medium

CVSS3

Дефекты

CWE-79