GHSA-f3cj-j4f6-wq85
Summary
Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following are true:
- you are using hydratable (an experimental feature at the time of this report)
- you are passing attacker-controlled input such that a synchronous value is hydrated, then a promise value, e.g. hydratable('someKey', () => [synchronousValue, promiseValue])
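The bug class described above, as an added illustration that is not the affected project's code: a serializer that escapes one kind of value but not another, next to a hardened form and a regression check. It assumes the hydration data is embedded in an inline script block; `safeStringify`, `renderFlawed`, `renderHardened`, `closesScriptEarly` and `hydrate` are hypothetical names, and the sample input is constructed.

```javascript
// Added illustration of the bug class; not the affected project's code.
// Assumption: hydration data is embedded in an inline <script> block.

// Characters that can close or alter an inline script when they occur in data.
const UNSAFE = /[<>&\u2028\u2029]/g;

// Hardened serializer: JSON first, then \uXXXX-escape HTML-significant chars.
// JSON.stringify(undefined) returns undefined, so fall back to "null".
function safeStringify(value) {
  const json = JSON.stringify(value) ?? 'null';
  return json.replace(
    UNSAFE,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0')
  );
}

// Hypothetical flawed renderer: synchronous values are escaped, but values
// that arrived through a promise take a second path with plain JSON.stringify.
function renderFlawed(key, entries) {
  const parts = entries.map((e) =>
    e.from === 'promise' ? JSON.stringify(e.value) : safeStringify(e.value)
  );
  return `<script>hydrate(${safeStringify(key)},[${parts.join(',')}])</script>`;
}

// Hardened renderer: every value goes through the same serializer.
function renderHardened(key, entries) {
  const parts = entries.map((e) => safeStringify(e.value));
  return `<script>hydrate(${safeStringify(key)},[${parts.join(',')}])</script>`;
}

// Regression check: the only "</script" allowed is the final closing tag.
function closesScriptEarly(html) {
  const first = html.toLowerCase().indexOf('</script');
  return first !== html.length - '</script>'.length;
}

// Constructed sample standing in for attacker-controlled input: one
// synchronous value followed by one settled promise value.
const SAMPLE = 'x</script>y';
const ENTRIES = [
  { from: 'sync', value: SAMPLE },
  { from: 'promise', value: SAMPLE },
];

console.log('flawed closes early:  ', closesScriptEarly(renderFlawed('someKey', ENTRIES)));
console.log('hardened closes early:', closesScriptEarly(renderHardened('someKey', ENTRIES)));
```

The escaped output still parses back to the original string on the client, so the hardening changes only the bytes on the wire, not the hydrated data.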
Common Weakness Enumeration (CWE)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ADVISORY ID: GHSA-f3cj-j4f6-wq85