CVE-2017-16015

描述

Affected versions of `forms` do not properly escape HTML in generated forms, which may result in cross-site scripting. ## Recommendation Update to version 1.3.0 or later.

受影響套件(1)

• npm/formsfrom 0, < 1.3.0

CVSS 分數

參考連結(4)

• ADVISORYhttps://github.com/advisories/GHSA-vwjj-2852-3765
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2017-16015
• WEBhttps://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d
• WEBhttps://www.npmjs.com/advisories/158