Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS1nM2NoLXJ4NzYtMzVmeM4AA-GA

vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)

A vulnerability has been discovered in vue-template-compiler, that allows an attacker to perform XSS via prototype pollution. The attacker could change the prototype chain of some properties such as Object.prototype.staticClass or Object.prototype.staticStyle to execute arbitrary JavaScript code. Vue 2 has reached End-of-Life. This vulnerability has been patched in Vue 3.

Permalink: https://github.com/advisories/GHSA-g3ch-rx76-35fx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nM2NoLXJ4NzYtMzVmeM4AA-GA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 6 months ago
Updated: 5 months ago

CVSS Score: 4.2
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

EPSS Percentage: 0.00043
EPSS Percentile: 0.10511

Identifiers: GHSA-g3ch-rx76-35fx, CVE-2024-6783
References:

• https://nvd.nist.gov/vuln/detail/CVE-2024-6783
• https://www.herodevs.com/vulnerability-directory/cve-2024-6783
• https://github.com/advisories/GHSA-g3ch-rx76-35fx

Blast Radius: 24.6

Affected Packages