GHSA-xwqw-rf2q-xmhf

Опубликовано: 01 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Cross-Site Scripting in buefy

Versions of buefy prior to 0.7.2 are vulnerable to Cross-Site Scripting, allowing attackers to manipulate the DOM and execute remote code. The autocomplete list renders user input as HTML without encoding.

Recommendation

Upgrade to version 0.7.2 or later.

Ссылки

https://github.com/buefy/buefy/issues/1097
https://www.npmjs.com/advisories/747

Пакеты

Наименование

buefy

npm

Затронутые версииВерсия исправления

< 0.7.2

0.7.2

Дефекты

CWE-79

Дефекты

CWE-79