noi-techpark / it.bz.beacon.admin

This repository contains the source code of the administration webapp frontend.

Security issue: webpack-bundle-analyzer #13

Closed Piiit closed 5 years ago

Piiit commented 5 years ago

Remediation

Upgrade webpack-bundle-analyzer to version 3.3.2 or later. For example:

webpack-bundle-analyzer@^3.3.2:
  version "3.3.2"

Always verify the validity and compatibility of suggestions with your codebase.

Details

WS-2019-0058
More information: See https://github.com/webpack-contrib/webpack-bundle-analyzer/issues/263
moderate severity
Vulnerable versions: < 3.3.2
Patched version: 3.3.2

Versions of webpack-bundle-analyzer prior to 3.3.2 are vulnerable to Cross-Site Scripting. The package uses JSON.stringify() without properly escaping input which may lead to Cross-Site Scripting.
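The class of bug the advisory describes, as an added example that is not part of the original issue and is not webpack-bundle-analyzer's own code: `JSON.stringify()` output placed inside an inline `<script>` element, next to a hardened serializer. The function names and the sample data are hypothetical and constructed for illustration.

```javascript
// Added illustration (hypothetical names, constructed data); not the package's code.

// Constructed sample: report data where a module name contains HTML markup.
const chartData = [{ label: 'vendor/</script><p>injected markup</p>.js', size: 120 }];

// Unsafe pattern: JSON.stringify produces a valid JS literal, but the HTML parser
// ends a <script> element at the first "</script", ignoring JS string quoting.
function renderUnsafe(data) {
  return `<script>window.chartData = ${JSON.stringify(data)};</script>`;
}

// Hardened: replace characters the HTML parser reacts to (and U+2028/U+2029)
// with \uXXXX escapes. The JS engine decodes them back to the same string.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

function serializeForScript(data) {
  return JSON.stringify(data).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

function renderSafe(data) {
  return `<script>window.chartData = ${serializeForScript(data)};</script>`;
}

// A safe render contains exactly one "</script": the element's real closing tag.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

console.log('unsafe closes:', countScriptCloses(renderUnsafe(chartData)));
console.log('safe closes:  ', countScriptCloses(renderSafe(chartData)));
console.log('round-trips:  ',
  JSON.parse(serializeForScript(chartData))[0].label === chartData[0].label);
```

A check like `countScriptCloses` can serve as a regression test on generated report HTML after upgrading to the patched version.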

raiffeisennet commented 5 years ago

fixed in PR "packages updated"