Unknown · Tileserver-Gl · CVE-2024-35627
**Name of the Vulnerable Software and Affected Versions**
tileserver-gl versions up to 4.4.10
**Description**
The issue is a cross-site scripting (XSS) vulnerability. It affects the component "/data/v3/?key".
**Recommendations**
For versions up to 4.4.10, update to a version later than 4.4.10 to resolve the issue.
As a temporary workaround, consider restricting access to the "/data/v3/?key" component until a patch is available.