Description
Versions of quill prior to 1.3.7 are vulnerable to Reverse Tabnabbing. The package uses target='_blank' in anchor tags, allowing attackers to access window.opener for the original page when opening links. This is commonly used for phishing attacks.
Recommendation
Update the quill package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.3.7
- Patched version(s): 1.3.7
References
Related Issues
- Prototype pollution in 101 - CVE-2021-25943
- Prototype Pollution in Ajv - CVE-2020-15366
- Use-After-Free in puppeteer - CVE-2019-5786
- Open Redirect in node-forge - CVE-2022-0122
- Tags:
- npm
- quill
Anything's wrong? Let us know Last updated on January 09, 2023