Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk:Medium] dompurify (due on 06/17/2024) #6206

Closed
2 tasks
tmpayton opened this issue Apr 17, 2024 · 0 comments · Fixed by #6322
Closed
2 tasks

[Snyk:Medium] dompurify (due on 06/17/2024) #6206

tmpayton opened this issue Apr 17, 2024 · 0 comments · Fixed by #6322
Assignees
@cnlucas
Labels
Security: moderate Remediate within 60 days
Milestone
25.2

Comments

@tmpayton
Copy link
Contributor

tmpayton commented Apr 17, 2024
edited by cnlucas
Loading

Introduced through
[email protected]

Fixed in
[email protected], @3.0.11

Exploit maturity
PROOF OF CONCEPT

Detailed paths and remediation
Introduced through: [email protected][email protected]
Fix: Upgrade to [email protected]
Security information
Factors contributing to the scoring:
Snyk: CVSS 5.3 - Medium Severity

NVD: NVD only publishes analysis of vulnerabilities which are assigned a CVE ID. This vulnerability currently does not have an assigned CVE ID.
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

Completion Criteria
@tmpayton tmpayton added the Security: moderate Remediate within 60 days label Apr 17, 2024
@tmpayton tmpayton added this to the 25.2 milestone Apr 17, 2024
@tmpayton tmpayton mentioned this issue Apr 17, 2024
Closed
3 tasks
@cnlucas cnlucas mentioned this issue Apr 24, 2024
Closed
2 tasks
This was referenced May 1, 2024
Closed
Closed
@pkfec pkfec mentioned this issue May 16, 2024
Closed
2 tasks
@cnlucas cnlucas moved this to 🔜 Sprint backlog in Website project May 21, 2024
@pkfec pkfec mentioned this issue May 22, 2024
Closed
3 tasks
@cnlucas cnlucas self-assigned this May 28, 2024
@cnlucas cnlucas moved this from 🔜 Sprint backlog to 📥 Assigned in Website project May 28, 2024
This was referenced May 29, 2024
Closed
Closed
@cnlucas cnlucas mentioned this issue Jun 5, 2024
Merged
@github-project-automation github-project-automation bot moved this from 📥 Assigned to ✅ Done in Website project Jun 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cnlucas cnlucas

Labels
Security: moderate Remediate within 60 days
Projects
Website project
Status: ✅ Done
Milestone
25.2
Development

Successfully merging a pull request may close this issue.

6206 upgrade dompurify fecgov/fec-cms
2 participants
@cnlucas @tmpayton