exploitDog

GHSA-hqq7-2q2v-82xq

Published: 17 Mar 2022
Source: github
GitHub: Reviewed
CVSS3: 5.4

Description

Cross-site Scripting in sanitize-url

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

Packages

Name: @braintree/sanitize-url (npm)
Affected versions: < 6.0.0
Fixed version: 6.0.0

EPSS

Percentile: 32%
0.0012
Low

CVSS3

5.4 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 5.4
ubuntu
more than 3 years ago

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

CVSS3: 5.4
redhat
more than 3 years ago

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

CVSS3: 5.4
nvd
more than 3 years ago

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.

CVSS3: 5.4
debian
more than 3 years ago

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cro ...

rocky
more than 2 years ago

Important: grafana security, bug fix, and enhancement update