WS-2016-0053 (Medium) detected in sanitize-html-1.4.2.tgz #1012
Comments
crispy-peppers
pushed a commit
to crispy-peppers/juice-shop
that referenced
this issue
Nov 12, 2019
* Cache get place code for users and teams.
* Fix score changing test helpers to clear standings cache when generating a score changing row
* `utils._get_config` will now return `KeyError` instead of None.
* Separate `/api/v1/[users,teams]/[me,id]/[solves,fails,awards]` into seperate API endpoints
* Install `Flask-DebugToolbar` in development
Main goals covered in juice-shop#1012
|
This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
WS-2016-0053 - Medium Severity Vulnerability
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis
Library home page: https://registry.npmjs.org/sanitize-html/-/sanitize-html-1.4.2.tgz
Path to dependency file: /juice-shop/package.json
Path to vulnerable library: /juice-shop/node_modules/sanitize-html/package.json
Dependency Hierarchy:
Sanitize-html provides a simple HTML sanitizer with a clear API.
Sanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.
Publish Date: 2016-08-01
URL: WS-2016-0053
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/135
Release Date: 2016-08-01
Fix Resolution: Upgrade to 1.4.3 or later
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: