WS-2016-0053 (Medium) detected in sanitize-html-1.4.2.tgz - autoclosed #7
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
Mend: dependency security vulnerability
mend-bolt-for-github
bot
changed the title
|
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
WS-2016-0053 - Medium Severity Vulnerability
Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis
Library home page: https://registry.npmjs.org/sanitize-html/-/sanitize-html-1.4.2.tgz
Path to dependency file: /tmp/ws-scm/devslop/package.json
Path to vulnerable library: /devslop/node_modules/sanitize-html/package.json
Dependency Hierarchy:
Found in HEAD commit: 3437ea512d73ad9cae18d692c18facdeea1aa2bc
Sanitize-html provides a simple HTML sanitizer with a clear API.
Sanitization of HTML strings is not applied recursively to input, allowing an attacker to potentially inject script and other markup.
Publish Date: 2016-08-01
URL: WS-2016-0053
Base Score Metrics not available
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/135
Release Date: 2016-08-01
Fix Resolution: Upgrade to 1.4.3 or later
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: