CVE-2017-0931

描述

Versions of `html-janitor` prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the modules `clean()` function. ## Recommendation No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.

受影響套件(1)

• npm/html-janitorfrom 0, < 2.0.3

CVSS 分數

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-hfj4-96f7-6r5g
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-0931
• WEBhttps://github.com/guardian/html-janitor/issues/34
• WEBhttps://hackerone.com/reports/308155
• WEBhttps://www.npmjs.com/advisories/576