Closed hakan-77 closed 1 week ago
https://github.com/advisories/GHSA-2r57-2mrh-ggjv
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser. References
https://nvd.nist.gov/vuln/detail/CVE-2024-37063 https://hiddenlayer.com/sai-security-advisory/ydata-june2024
Secured
N/A
No response
= 3.7.0, <= 4.8.3
All OSes
Current Behaviour
https://github.com/advisories/GHSA-2r57-2mrh-ggjv
A cross-site scripting (XSS) vulnerability in versions 3.7.0 or newer of Ydata's ydata-profiling open-source library allows for payloads to be run when a maliocusly crafted report is viewed in the browser. References
Expected Behaviour
Secured
Data Description
N/A
Code that reproduces the bug
No response
pandas-profiling version
Dependencies
OS
All OSes
Checklist