-
-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2016-1000240 (Medium) detected in c3-0.4.10.min.js #3195
Comments
👋 Thanks for reporting! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2016-1000240 - Medium Severity Vulnerability
Vulnerable Library - c3-0.4.10.min.js
D3-based reusable chart library
Library home page: https://cdnjs.cloudflare.com/ajax/libs/c3/0.4.10/c3.min.js
Path to dependency file: /datas.html
Path to vulnerable library: /datas.html
Dependency Hierarchy:
Found in base branch: master
Vulnerability Details
c3 before 0.4.11 vulnerable to cross-site scripting via improper sanitization of HTML in rendered tooltips.
Publish Date: 2019-07-11
URL: CVE-2016-1000240
CVSS 3 Score Details (4.7)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.npmjs.com/advisories/138
Release Date: 2019-07-11
Fix Resolution: 0.4.11
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: