Description
Converse.js and Inverse.js through 3.3 allow remote attackers to obtain sensitive information because it is too difficult to determine whether safe publication of private data was configured or even intended.
Recommendation
Update the converse.js package to the latest compatible version. Followings are version details:
- Affected version(s): < 3.3.3
- Patched version(s): 3.3.3
References
Related Issues
- Mammoth is vulnerable to Directory Traversal - CVE-2025-11849
- json-logic-js Command Injection vulnerability - CVE-2021-4329
- Bootstrap Cross-site Scripting vulnerability - CVE-2016-10735
- protobufjs Prototype Pollution vulnerability - CVE-2023-36665
- Tags:
- npm
- converse.js
Anything's wrong? Let us know Last updated on October 06, 2023