PT-2022-24950 · Unknown · Octocat.Js
Published 2022-11-08 · Updated 2022-11-09 · CVE-2022-39390
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
octocat.js versions prior to 1.2
Description
The issue is JavaScript injection via user-provided URLs. Users can supply their own image URLs for accessories, and these URLs are not validated, so injected code may be executed.
Recommendations
For versions prior to 1.2, update to version 1.2 to resolve the issue.
As a temporary workaround, write the image to disk and reference that local file from the HTML image element instead of the user-provided URL.
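An added example (not octocat.js code) of the kind of check the fix implies: the user-supplied URL is parsed, restricted to an http(s) allowlist, and escaped for the attribute context before any markup is built. The function names, the scheme list and the fallback path are this example's own assumptions.

```javascript
// Added example, not part of octocat.js: validate a user-supplied image URL
// before it reaches an <img> element, and escape it for the attribute context.

// Assumption: only absolute http(s) URLs are acceptable image sources.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalized URL string for an absolute http(s) URL, else null.
function validateImageUrl(input) {
  if (typeof input !== "string" || input.length > 2048) return null;
  let parsed;
  try {
    parsed = new URL(input); // rejects relative and malformed input
  } catch {
    return null;
  }
  // Scheme allowlist: anything that is not http(s) is refused outright.
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) return null;
  return parsed.href;
}

// Escape for an HTML attribute value so no character in the URL can
// terminate the attribute or start new markup.
function escapeHtmlAttribute(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Build the <img> markup only from a validated URL; otherwise use a fixed
// default (the fallback path is a placeholder chosen for this example).
function renderAccessoryImage(userUrl, fallbackSrc = "/static/default-accessory.png") {
  const safe = validateImageUrl(userUrl);
  const src = safe === null ? fallbackSrc : escapeHtmlAttribute(safe);
  return `<img src="${src}" alt="accessory">`;
}

// Constructed sample inputs: one valid URL, one disallowed scheme,
// one URL whose query contains an ampersand, one non-URL.
const samples = [
  "https://example.com/hat.png",
  "javascript:void(0)",
  "https://example.com/a.png?x=1&y=2",
  "not a url",
];
for (const s of samples) console.log(renderAccessoryImage(s));
```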
Special Elements Injection
Code Injection
Related Identifiers
Affected Products
Octocat.Js