GHSA-7p6w-x2gr-rrf8

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

ag-grid Cross-Site Scripting vulnerability

Versions of ag-grid prior to 14.0.0 are vulnerable to Cross-Site Scripting (XSS). Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid.

Recommendation

Upgrade to version 14.0.0 or later.

Ссылки

https://github.com/ag-grid/ag-grid/issues/1961
https://github.com/github/advisory-database/issues/5799
https://github.com/ag-grid/ag-grid/commit/b66b1ddf73056714f6574e054d6e05d6ba531ce8

Пакеты

Наименование

ag-grid

npm

Затронутые версииВерсия исправления

< 14.0.0

14.0.0

Дефекты

CWE-79

Дефекты

CWE-79