Closed jstrong62 closed 3 years ago
The following "High" finding was reported by a Fortify security scan and needs remediation to pass a standard security scan.
Version 6.14.11 history/cjs/history.js
386: window.location.href = href;
399: window.location.href = href;
Details from Fortify:
The method lambda() in history.js sends unvalidated data to a web browser on line 386 & 399, which can result in the browser executing malicious code.
This is a false positive. That isn't how that operates at all.