Description
Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting (xss). This is due to the fact that scripts found in SVG files are run by default.
Recommendation
Update the react-svg package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.2.18
- Patched version(s): 2.2.18
References
Related Issues
- external-svg-loader Cross-site Scripting vulnerability - CVE-2023-40013
- Cross-Site Scripting in react - Vulnerability
- Cross Site Scripting vulnerability in store2 - CVE-2024-57556
- Bootstrap Cross-Site Scripting (XSS) vulnerability - CVE-2024-6531
- Tags:
- npm
- react-svg
Anything's wrong? Let us know Last updated on January 09, 2023