GHSA-r9q4-w3fm-wrm2

Описание

Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString() function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting.

Recommendation

Upgrade to version 20190301.0.0 or later.