Open RezaRahmati opened 2 years ago
Seeing the same thing on a site:
I believe it may be a false positive since that function is calling scriptContent
which should always be controlled by the user and not vulnerable to injection, but I could definitely be wrong!
Hi
Veracode is reporting two very high severity CWE-95 issue on the lib, in partytwon-ww.atomic.js line 686 and partytown-ww.sw.js line 678 (lib is directly used in gatsby)
The reference to the issue https://cwe.mitre.org/data/definitions/95.html