CVE-2014-7192
EPSS 42.6%Potential for Script Injection in syntax-error
發布日:2017/10/24修改日:2023/11/8
描述
Versions of `syntax-error` prior to 1.1.1 are affected by a cross-site scripting vulnerability which may allow a malicious file to execute code when browserified. ## Recommendation Update to version 1.1.1 or later.
受影響套件(1)
- npm/syntax-errorfrom 0, < 1.1.1
參考連結(8)
- ADVISORYhttps://github.com/advisories/GHSA-5726-g6r9-5f22
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2014-7192
- PATCHhttps://github.com/substack/node-syntax-error
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/96728
- WEBhttps://github.com/substack/node-browserify/blob/master/changelog.markdown#421
- WEBhttps://github.com/substack/node-syntax-error/commit/9aa4e66eb90ec595d2dba55e6f9c2dd9a668b309
- WEBhttps://www.npmjs.com/advisories/37
- WEBhttp://www-01.ibm.com/support/docview.wss?uid=swg21690815