Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
- Severity:
- Medium
Description
A vulnerability classified as problematic has been found in Twitter-Post-Fetcher up to 17.x. This affects an unknown part of the file js/twitterFetcher.js of the component Link Target Handler. The manipulation leads to use of web link to untrusted target with window.opener access. It is possible to initiate the attack remotely.
Recommendation
Update the twitter-fetcher-js package to the latest compatible version. Followings are version details:
- Affected version(s): < 18.0.0
- Patched version(s): 18.0.0
References
Related Issues
- x402 SDK vulnerable in outdated versions in resource servers for builders (GHSA-3j63-5h8p-gf7c) 3 - Vulnerability
- Bun has an Application-level Prototype Pollution vulnerability in the runtime native API for Glo - CVE-2024-21548
- jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label - CVE-2022-31160
- Opening a malicious website while running a Nuxt dev server could allow read-only access to code - CVE-2025-24361
- Tags:
- npm
- twitter-fetcher-js
Anything's wrong? Let us know Last updated on February 02, 2023