Описание
Cross-Site Scripting in react-svg
Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting (xss). This is due to the fact that scripts found in SVG files are run by default.
Recommendation
Update to version 2.2.18 or later.
Пакеты
Наименование
react-svg
npm
Затронутые версииВерсия исправления
< 2.2.18
2.2.18
Дефекты
CWE-79
Дефекты
CWE-79