search

AlexRogalskiy / java-patterns

🏆 Java4You Design patterns
https://alexander-rogalsky.gitbook.io/java-patterns/
GNU General Public License v3.0
11 stars 4 forks source link

WS-2016-0048 (Medium) detected in c3-0.4.10.min.js #954

Closed mend-bolt-for-github[bot] closed 1 year ago

mend-bolt-for-github[bot] commented 2 years ago

WS-2016-0048 - Medium Severity Vulnerability

Vulnerable Library - c3-0.4.10.min.js

D3-based reusable chart library

Library home page: https://cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js

Path to dependency file: /datas.html

Path to vulnerable library: /datas.html

Dependency Hierarchy: - :x: **c3-0.4.10.min.js** (Vulnerable Library)

Found in HEAD commit: 293ab07ba323c57f39a3e1d9c3bc0f2e7ecf9e11

Found in base branch: master

Vulnerability Details

C3 is a D3-based reusable chart library that enables deeper integration of charts into web applications. Versions 0.4.10 and lower of c3 contain a cross site scripting (XSS) vulnerability through improper html sanitization on rendered tooltips.

Publish Date: 2016-05-01

URL: WS-2016-0048

CVSS 3 Score Details (6.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: Required - Scope: Changed - Impact Metrics: - Confidentiality Impact: Low - Integrity Impact: Low - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/WS-2016-0048

Release Date: 2016-05-01

Fix Resolution: c3 - 0.4.11-rc2

Step up your Open Source Security Game with WhiteSource here

github-actions[bot] commented 2 years ago

👋 Thanks for reporting!

github-actions[bot] commented 2 years ago

Message that will be displayed on users' first issue

github-actions[bot] commented 1 year ago

Greetings! Sorry to say but this is a very old issue that is probably not getting as much attention as it deservers. We encourage you to check if this is still an issue in the latest release and if you find that this is still a problem, please feel free to open a new one.

github-actions[bot] commented 2 months ago

This old thread has been automatically locked. If you think you have found something related to this, please open a new issue by following the issue guide (https://github.com/AlexRogalskiy/java-patterns/blob/master/.github/ISSUE_TEMPLATE/bug_report.md), and link to this old issue if necessary.