Описание
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.
A prototype pollution vulnerability was found in Linkify. This vulnerability allows an attacker to inject HTML attributes and manipulate user-controlled variables.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
OpenShift Serverless | openshift-serverless-1/kn-backstage-plugins-eventmesh-rhel8 | Not affected | ||
Red Hat Developer Hub | rhdh/rhdh-hub-rhel9 | Not affected | ||
Red Hat Developer Hub | rhdh/rhdh-rhel9-operator | Not affected |
Показывать по
Дополнительная информация
Статус:
8.6 High
CVSS3
Связанные уязвимости
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Linkify (linkifyjs) allows XSS Targeting HTML Attributes and Manipulating User-Controlled Variables.This issue affects Linkify: from 4.3.1 before 4.3.2.
Improperly Controlled Modification of Object Prototype Attributes ('Pr ...
Linkify Allows Prototype Pollution & HTML Attribute Injection (XSS)
8.6 High
CVSS3