GHSA-c7pp-x73h-4m2v

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in bootstrap-vue

Versions of bootstrap-vue prior to 2.0.0-rc.12 are vulnerable to Cross-Site Scripting. Due to insufficient input sanitization, components may be vulnerable to Cross-Site Scripting through the options variable. This may lead to the execution of malicious JavaScript on the user's browser.

Recommendation

Upgrade to version 2.0.0-rc.12 or later.

Ссылки

https://github.com/bootstrap-vue/bootstrap-vue/issues/1974
https://github.com/bootstrap-vue/bootstrap-vue/pull/2134
https://github.com/bootstrap-vue/bootstrap-vue/commit/ba6f3f8359e257589d744f180312c09bf9f12289
https://www.npmjs.com/advisories/770

Пакеты

Наименование

bootstrap-vue

npm

Затронутые версииВерсия исправления

<= 2.0.0-rc.11

2.0.0-rc.12

Дефекты

CWE-79

Дефекты

CWE-79