GHSA-f3cj-j4f6-wq85

ADVISORY - github

Summary

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following are true:

  • you are using hydratable (an experimental feature at the time of this report)
  • you are passing attacker-controlled input such that a synchronous value is hydrated, then a promise value, e.g. hydratable('someKey', () => [synchronousValue, promiseValue])
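
Added example (not code from the advisory or the affected project): a generic model of this weakness class, in which every value serialized into an inline hydration script, including the value a promise resolves to, must pass through the same escaping. The `__hydrate` call, the helper names and the sample strings are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helpers, not the affected library's code.
const ESCAPES = {
  '<': '\\u003c', '>': '\\u003e', '&': '\\u0026',
  '\u2028': '\\u2028', '\u2029': '\\u2029',
};

// JSON text that cannot close a <script> element or open an HTML comment.
function safeStringify(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// Emit the inline script that carries one hydration entry to the browser.
// `values` are the already-resolved items, e.g. [synchronousValue, resolvedPromiseValue];
// the same `serialize` must cover every item, whichever path produced it.
function renderHydrationScript(key, values, serialize) {
  const payload = '[' + values.map((v) => serialize(v)).join(',') + ']';
  return '<script>__hydrate(' + serialize(key) + ',' + payload + ')</script>';
}

// Defender check: the only "</script" in the output is the one written at the end.
function isContained(html) {
  const closes = html.match(/<\/script/gi) || [];
  return closes.length === 1 && html.endsWith('</script>');
}

// Recover the values from a contained script to confirm escaping is lossless.
function readBack(html) {
  const body = html.slice('<script>__hydrate('.length, -')</script>'.length);
  return JSON.parse('[' + body + ']'); // [key, [values...]]
}

// Constructed sample: attacker-controlled text in the promise position.
const syncValue = 'ok';
const resolvedPromiseValue = '</script><b>injected</b>';
const values = [syncValue, resolvedPromiseValue];

const weak = renderHydrationScript('someKey', values, JSON.stringify);
const hardened = renderHydrationScript('someKey', values, safeStringify);

console.log('weak contained:', isContained(weak));
console.log('hardened contained:', isContained(hardened));
```

The `isContained` check can run in a server-side rendering test over any attacker-influenced fixture to catch a serialization path that skips the escaping.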

Common Weakness Enumeration (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

