amidesfahani / filament-tinyeditor

A TinyMCE editor for Laravel Filament Forms
MIT License

Found 1 security vulnerability advisory affecting 1 package: #36

Closed faydanube closed 5 months ago

faydanube commented 5 months ago

Found 1 security vulnerability advisory affecting 1 package:

    +-------------------+----------------------------------------------------------------------------------+
    | Package           | tinymce/tinymce                                                                  |
    | Severity          | medium                                                                           |
    | CVE               | CVE-2024-29881                                                                   |
    | Title             | TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files  |
    |                   | through Object or Embed elements                                                 |
    | URL               | https://github.com/advisories/GHSA-5359-pvf2-pw78                                |
    | Affected versions | <7.0.0                                                                           |
    | Reported at       | 2024-03-26T21:23:45+00:00                                                        |
    +-------------------+----------------------------------------------------------------------------------+

faydanube commented 5 months ago

@amidesfahani Found 1 security vulnerability advisory affecting 1 package

NgYueHong commented 5 months ago

@amidesfahani I am also getting the security vulnerability today after installing the latest version 2.0. Could it be because the composer.json is still installing version 6.8?

    "require": {
        "php": "^8.1",
        "spatie/laravel-package-tools": "^1.16",
        "tinymce/tinymce": "^6.7"
    },
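
An added example (not part of the issue thread or the package's own code): a Python check of the question raised in the comment above, namely whether a `^6.7` constraint can ever resolve to a release outside the advisory's `<7.0.0` range. The lock-file entry is constructed sample data, the function names are hypothetical, and only Composer's caret rule for major versions of 1 or higher is implemented.

```python
import json
import re

# Constructed sample input: the "require" entry quoted in the comment above,
# the advisory bound from the audit table, and a stand-in composer.lock entry.
COMPOSER_JSON = '{"require": {"tinymce/tinymce": "^6.7"}}'
COMPOSER_LOCK = '{"packages": [{"name": "tinymce/tinymce", "version": "6.8.0"}]}'
ADVISORY = {"package": "tinymce/tinymce", "affected_below": "7.0.0"}


def parse_version(text):
    """Turn '6.7', 'v6.8.0' or '7.0.0' into a 3-tuple of ints."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def caret_range(constraint):
    """Composer caret rule for X >= 1: ^X.Y allows >=X.Y.0 and <(X+1).0.0."""
    if not constraint.startswith("^"):
        raise ValueError("only caret constraints are handled in this example")
    low = parse_version(constraint[1:])
    if low[0] == 0:
        raise ValueError("0.x caret rules are not handled in this example")
    return low, (low[0] + 1, 0, 0)


def assess(composer_json, composer_lock, advisory):
    """Report whether the locked version is affected and whether the
    declared constraint could ever resolve to an unaffected release."""
    name = advisory["package"]
    first_fixed = parse_version(advisory["affected_below"])
    low, high = caret_range(json.loads(composer_json)["require"][name])
    locked = next(p["version"] for p in json.loads(composer_lock)["packages"]
                  if p["name"] == name)
    return {
        "locked": locked,
        "locked_affected": parse_version(locked) < first_fixed,
        # Allowed versions are [low, high); unaffected ones are >= first_fixed.
        # The two sets overlap only when high lies above first_fixed.
        "constraint_allows_fix": high > first_fixed,
    }


if __name__ == "__main__":
    print(assess(COMPOSER_JSON, COMPOSER_LOCK, ADVISORY))
```

When `constraint_allows_fix` is false, running `composer update` in the consuming application cannot clear the advisory; the package's own `require` constraint has to admit a 7.x release first.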