CVE-2014-7192
EPSS 42.6%Potential for Script Injection in syntax-error
Published: 10/24/2017Modified: 11/8/2023
Description
Versions of `syntax-error` prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified. ## Recommendation Update to version 1.1.1 or later.
Affected packages (1)
- npm/syntax-errorfrom 0, < 1.1.1
References (8)
- ADVISORYhttps://github.com/advisories/GHSA-5726-g6r9-5f22
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-7192
- PATCHhttps://github.com/substack/node-syntax-error
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96728
- WEBhttps://github.com/substack/node-browserify/blob/master/changelog.markdown#421
- WEBhttps://github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309
- WEBhttps://www.npmjs.com/advisories/37
- WEBhttp://www-01.ibm.com/support/docview.wss?uid=swg21690815