Description
Versions of react-svg before 2.2.18 are vulnerable to cross-site scripting (xss). This is due to the fact that scripts found in SVG files are run by default.
Recommendation
Update the react-svg package to the latest compatible version. Followings are version details:
- Affected version(s): < 2.2.18
- Patched version(s): 2.2.18
References
Related Issues
- Cross-site Scripting in jquery-ui - CVE-2010-5312
- nuxt Code Injection vulnerability - CVE-2023-3224
- QooxDoo XSS in Callback Parameter - CVE-2011-1714
- Denial of Service in ipfs-bitswap - Vulnerability
- Tags:
- npm
- react-svg
Anything's wrong? Let us know Last updated on January 09, 2023