Описание
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
A flaw was found in sanitize-url due to improper sanitization in the sanitizeUrl function. This issue causes vulnerability to Cross-site Scripting in sanitize-url.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| Red Hat 3scale API Management Platform 2 | 3scale-apicast-operator-bundle-container | Affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-apicast-operator-container | Affected | ||
| Red Hat Ceph Storage 5 | rhceph/rhceph-5-dashboard-rhel8 | Affected | ||
| Red Hat Enterprise Linux 8 | grafana | Fixed | RHSA-2022:7519 | 08.11.2022 |
| Red Hat Enterprise Linux 9 | grafana | Fixed | RHSA-2022:8057 | 15.11.2022 |
| Red Hat OpenShift Container Platform 4.11 | openshift4/ose-grafana | Fixed | RHSA-2022:5069 | 10.08.2022 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2065290sanitize-url: XSS due to improper sanitization in sanitizeUrl function
5.4 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 3 лет назад
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
CVSS3: 5.4
nvd
больше 3 лет назад
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.
CVSS3: 5.4
debian
больше 3 лет назад
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cro ...
5.4 Medium
CVSS3