Описание
XSS in client rendered block templates in rendr
Affected versions of rendr are vulnerable to cross-site scripting when client side rendering is done inside a _block.
Server side rendering is not affected and is properly escaped.
Recommendation
Update to version 1.1.4 or later.
Пакеты
Наименование
rendr
npm
Затронутые версииВерсия исправления
<= 1.1.3
1.1.4
CVE ID
Дефекты
CWE-79
Связанные уязвимости
CVE ID
Дефекты
CWE-79