Описание
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
A flaw was found in sanitize-url. It does not correctly sanitize with colons, possibly leading to a Cross-site scripting risk.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Service Mesh 2.1 | servicemesh-grafana | Will not fix | ||
| Red Hat Enterprise Linux 8 | grafana | Will not fix | ||
| Red Hat Enterprise Linux 9 | grafana | Will not fix |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2174307sanitize-url: XSS via HTML entities
EPSS
Процентиль: 63%
0.0045
Низкий
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
ubuntu
почти 3 года назад
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVSS3: 6.1
nvd
почти 3 года назад
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVSS3: 6.1
debian
почти 3 года назад
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via ...
CVSS3: 6.1
github
почти 3 года назад
@braintree/sanitize-url Cross-site Scripting vulnerability
EPSS
Процентиль: 63%
0.0045
Низкий
6.1 Medium
CVSS3