Bug #26903

update webpack-bundle-analyzer

Added by Ohad Levy 5 months ago. Updated 5 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: JavaScript stack
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

https://github.com/webpack-contrib/webpack-bundle-analyzer/issues/263
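
The class of bug described above, shown as an added example (not code from webpack-bundle-analyzer or Foreman). It assumes the serialized data is written into an inline `<script>` block of a generated HTML report, which this page does not state; all function names and the sample input are hypothetical.

```javascript
// Assumption: a report generator embeds build data in an inline <script> block.

// Unsafe: JSON.stringify() escapes quotes and backslashes, but leaves "<", ">",
// "&", U+2028 and U+2029 untouched. The HTML parser ends a script element at the
// first "</script" it sees, even when that text sits inside a JS string literal.
function renderUnsafe(data) {
  return `<script>window.chartData = ${JSON.stringify(data)};</script>`;
}

// Hardened: rewrite the HTML-significant characters as \uXXXX escapes after
// serializing. They can only occur inside JSON string values, so the result is
// still valid JSON and decodes to exactly the same data.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

function serializeForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function renderSafe(data) {
  return `<script>window.chartData = ${serializeForScript(data)};</script>`;
}

// Counts the script end tags an HTML parser would find in the markup.
// Exactly one is expected: the tag the template itself wrote.
function countScriptCloseTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Constructed sample input: a module label that contains markup.
const sample = [{ label: 'src/</script><b>injected</b>.js', size: 10 }];

console.log('unsafe close tags:', countScriptCloseTags(renderUnsafe(sample))); // 2
console.log('safe close tags:  ', countScriptCloseTags(renderSafe(sample)));   // 1
console.log('round trip intact:',
  JSON.parse(serializeForScript(sample))[0].label === sample[0].label);        // true
```

A second end tag in the unsafe output means the text after it is parsed as HTML rather than as data, which is the condition the escaping removes.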

Associated revisions

Revision 0c529c26 (diff)
Added by Ohad Levy 5 months ago

fixes #26903 - update webpack-bundle-analyzer

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.

History

#1 Updated by The Foreman Bot 5 months ago

  • Assignee set to Ohad Levy
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6804 added

#2 Updated by Tomer Brisker 5 months ago

  • Fixed in Releases 1.23.0 added

#3 Updated by Ohad Levy 5 months ago

  • Status changed from Ready For Testing to Closed
