GHSA-jj6g-7j8p-7gf2

Опубликовано: 30 мая 2019

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in bracket-template

All versions of bracket-template are vulnerable to stored cross-site scripting (XSS). This is exploitable when a variable passed in via a GET parameter is used in a template.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not install or use this module at this time.

Ссылки

https://hackerone.com/reports/317125
https://www.npmjs.com/advisories/608

Пакеты

Наименование

bracket-template

npm

Затронутые версииВерсия исправления

<= 1.1.5

Отсутствует

Дефекты

CWE-79

Дефекты

CWE-79