PT-2019-20063 — XSS in Webpack Webpack-Bundle-Analyzer

PT-2019-20063 · Webpack · Webpack-Bundle-Analyzer

Published

2019-05-23

Updated

2019-05-23

CVSS v3.1

6.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions webpack-bundle-analyzer versions prior to 3.3.2

Description The issue concerns Cross-Site Scripting due to the improper use of JSON.stringify() without escaping input, which may lead to security risks.

Recommendations Upgrade to version 3.3.2 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

GHSA-PGR8-JG6H-8GW6

Affected Products

Webpack-Bundle-Analyzer

PT-2019-20063 · Webpack · Webpack-Bundle-Analyzer

Weakness Enumeration

Related Identifiers

Affected Products

References · 6