GHSA-2hwp-g4g7-mwwj

Опубликовано: 29 мая 2019

Источник: github

Github: Прошло ревью

Описание

Reflected Cross-Site Scripting in jquery.terminal

Versions of jquery.terminal prior to 1.21.0 are vulnerable to Reflected Cross-Site Scripting. If the application has either of the options anyLinks or invokeMethods set to true, the application may execute arbitrary JavaScript through crafted malicious payloads due to insufficient sanitization.

Recommendation

Upgrade to version 1.21.0 or later

Ссылки

https://github.com/jcubic/jquery.terminal/commit/c8b7727d21960031b62a4ef1ed52f3c634046211
https://www.npmjs.com/advisories/769

Пакеты

Наименование

jquery.terminal

npm

Затронутые версииВерсия исправления

< 1.21.0

1.21.0

Дефекты

CWE-79

Дефекты

CWE-79