Описание
Critters Cross-site Scripting Vulnerability
Impact
Critters version 0.0.17-0.0.19 have an issue when parsing the HTML which leads to a potential cross-site scripting (XSS) bug.
Patches
The bug has been fixed in v0.0.20.
Workarounds
Upgrading Critters version to >0.0.20 is the easiest fix. This is a non breaking version upgrade so we recommend all users to use v0.0.20.
Пакеты
Наименование
critters
npm
Затронутые версииВерсия исправления
>= 0.0.17, <= 0.0.19
0.0.20
Связанные уязвимости
CVSS3: 5.7
nvd
больше 2 лет назад
Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. We recommend upgrading to version 0.0.20 of the extension.