Description
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended.
Recommendation
Update the converse.js package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.3.3
- Patched version(s): 3.3.3
References
Related Issues
- Cross Site Scripting vulnerability in store2 - CVE-2024-57556
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- chromedriver Command Injection vulnerability - CVE-2023-26156
- Tags:
- npm
- converse.js
Anything's wrong? Let us know Last updated on October 06, 2023