GHSA-4q2f-8g74-qm56

Опубликовано: 03 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in takeapeek

All versions of takeapeek are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code.

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Ссылки

https://hackerone.com/reports/490728
https://www.npmjs.com/advisories/1038

Пакеты

Наименование

takeapeek

npm

Затронутые версииВерсия исправления

>= 0.0.0

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79