Hi,
This package is vulnerable to 'Arbitrary Code Execution' when scanned using Veracode. The version of the package used is 2.2.0 (latest).
Description - The vulnerability exists as it does not sanitize HTML input, allowing information to be exfiltrated through arbitrary XHR requests.
I could not get more useful information on this, because there are no mitigation steps to show this vulnerability as given in Veracode. But this is just a heads up as I could not find similar issues reported.
Hopefully, someone will look into this.