Project

General

Profile

Actions

Bug #26903

closed

update webpack-bundle-analyzer

Added by Ohad Levy almost 5 years ago. Updated almost 5 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
JavaScript stack
Target version:
-
Difficulty:
Triaged:
No
Fixed in Releases:
Found in Releases:

Description

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

https://github.com/webpack-contrib/webpack-bundle-analyzer/issues/263

Actions #1

Updated by The Foreman Bot almost 5 years ago

  • Status changed from New to Ready For Testing
  • Assignee set to Ohad Levy
  • Pull request https://github.com/theforeman/foreman/pull/6804 added
Actions #2

Updated by Tomer Brisker almost 5 years ago

  • Fixed in Releases 1.23.0 added
Actions #3

Updated by Ohad Levy almost 5 years ago

  • Status changed from Ready For Testing to Closed
Actions

Also available in: Atom PDF