CVE-2022-2217

Опубликовано: 27 июн. 2022

Источник: redhat

CVSS3: 6.1

Описание

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.

A cross-site-scripting (XSS) flaw was found in the parse-url package of npm. This issue could allow an attacker to use escape characters to run malicious JavaScript code on a webpage that was generated by the affected package. The highest impact is to integrity and confidentiality.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat build of Apicurio Registry 2	parse-url	Not affected
Red Hat Decision Manager 7	parse-url	Out of support scope
Red Hat Integration Camel K 1	parse-url	Not affected
Red Hat Integration Data Virtualisation Operator	parse-url	Not affected
Red Hat Integration Service Registry	parse-url	Not affected
Red Hat OpenShift Container Platform 4	openshift4/ose-console	Will not fix
Red Hat OpenShift Dev Spaces	devspaces/dashboard-rhel8	Not affected
Red Hat OpenShift distributed tracing 2	rhosdt/jaeger-all-in-one-rhel8	Affected
Red Hat OpenShift distributed tracing 2	rhosdt/jaeger-query-rhel8	Affected
Red Hat OpenShift GitOps	openshift-gitops-1/argocd-rhel8	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-79

https://bugzilla.redhat.com/show_bug.cgi?id=2102863npm: XSS in parse-url

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-2217

CVSS3: 6.1

nvd

больше 3 лет назад

Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.

GHSA-q6wq-5p59-983w

CVSS3: 6.1

github

больше 3 лет назад

Cross site scripting in parse-url

6.1 Medium

CVSS3