Description
Cross-Site Scripting in @toast-ui/editor
Versions of @toast-ui/editor prior to 2.2.0 are vulnerable to Cross-Site Scripting (XSS). There are multiple bypasses to the package's built-in XSS sanitization. This may allow attackers to execute arbitrary JavaScript on a victim's browser.
Recommendation
Upgrade to version 2.2.0 or later.
Packages
Name: @toast-ui/editor (npm)
Affected versions: < 2.2.0
Fixed version: 2.2.0
Weaknesses
CWE-79