GHSA-pqpp-2363-649v

Published: 02 Sep. 2020
Source: github
Github: Reviewed

Description

Cross-Site Scripting in buttle

All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files.

Recommendation

No fix is currently available. Consider using an alternative module until a fix is made available.

Packages

Name

buttle

npm
Affected versions / Fixed version

None

Weaknesses

CWE-79
