GHSA-588m-9qg5-35pq

Published: 03 Sep 2020
Source: github
GitHub: Reviewed
CVSS3: 6.5

Description

Reverse Tabnabbing in quill

Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
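
The condition described above can be checked and corrected mechanically in HTML that an editor has produced. The following JavaScript is an added example, not code from quill or from the advisory; the function names and sample markup are constructed for illustration, and it assumes well-formed markup that a regex can tokenize.

```javascript
// Added example (not quill's code): find <a target="_blank"> tags whose rel
// lacks noopener/noreferrer and add both, so the opened page gets no
// window.opener handle. Regex parsing is an assumption that fits well-formed
// editor output; use a real HTML parser for arbitrary markup.
const ANCHOR_OPEN = /<a(\s(?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
const ATTR = /([^\s"'=<>\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function parseAttrs(raw) {
  const attrs = new Map();
  for (const m of raw.matchAll(ATTR)) {
    const name = m[1].toLowerCase();
    // Browsers keep the first occurrence of a duplicated attribute.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

function isUnsafe(attrs) {
  // The _blank keyword is matched case-insensitively.
  if ((attrs.get("target") || "").toLowerCase() !== "_blank") return false;
  const rel = (attrs.get("rel") || "").toLowerCase().split(/\s+/);
  // noreferrer implies noopener in the HTML specification.
  return !rel.includes("noopener") && !rel.includes("noreferrer");
}

function hardenLinks(html) {
  let fixed = 0;
  const out = html.replace(ANCHOR_OPEN, (tag, raw) => {
    const attrs = parseAttrs(raw);
    if (!isUnsafe(attrs)) return tag; // leave safe anchors byte-for-byte intact
    fixed += 1;
    const tokens = (attrs.get("rel") || "").split(/\s+/).filter(Boolean);
    attrs.set("rel", [...tokens, "noopener", "noreferrer"].join(" "));
    const body = [...attrs].map(([k, v]) => `${k}="${v.replace(/"/g, "&quot;")}"`);
    return `<a ${body.join(" ")}>`;
  });
  return { html: out, fixed };
}

// Constructed sample input: two unsafe anchors, one already safe, one local.
const sample = [
  `<a href="https://example.com/a" target="_blank">a</a>`,
  `<a href='https://example.com/b' TARGET=_blank rel="nofollow">b</a>`,
  `<a href="https://example.com/c" target="_blank" rel="noopener">c</a>`,
  `<a href="/local">d</a>`,
].join("\n");
console.log(hardenLinks(sample));
```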

Recommendation

No fix is currently available. Consider using an alternative package until a fix is made available.

Packages

Name: quill (npm)
Affected versions: < 1.3.7
Fixed version: 1.3.7

CVSS3: 6.5 Medium

Weaknesses: CWE-1022
