CVE-2021-23398

Опубликовано: 24 июн. 2021

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

Ссылки

https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
Broken Link
https://github.com/AllenFang/react-bootstrap-table/issues/2071
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
Exploit
Third Party Advisory
https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
Broken Link
https://github.com/AllenFang/react-bootstrap-table/issues/2071
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:react-bootstrap-table_project:react-bootstrap-table:-:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2589-w6xf-983r