Description
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended.
Recommendation
Update the converse.js package to the latest compatible version. The version details are as follows:
- Affected version(s): < 3.3.3
- Patched version(s): 3.3.3
Related Issues
- Exposure of Sensitive Information to an Unauthorized Actor in nanoid - CVE-2021-23566
- Exposure of Sensitive Information to an Unauthorized Actor in AEgir - CVE-2020-11059
- Exposure of Sensitive Information in eventsource - CVE-2022-1650
- Exposure of sensitive information in follow-redirects - CVE-2022-0155
Tags
- npm
- converse.js
Last updated on October 06, 2023