Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.


Cross-Site Scripting in ag-grid-community

Versions of ag-grid-community prior to 14.0.0 are vulnerable to Cross-Site Scripting (XSS). Grid contents are not properly sanitized, which may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid.

Recommendation

Upgrade to version 14.0.0 or later.

Permalink: https://github.com/advisories/GHSA-7p6w-x2gr-rrf8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwNncteDJnci1ycmY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago


Identifiers: GHSA-7p6w-x2gr-rrf8
References: Repository: https://github.com/ag-grid/ag-grid
Blast Radius: 0.0

Affected Packages

npm:ag-grid-community
Dependent packages: 766
Dependent repositories: 5,156
Downloads: 3,064,909 last month
Affected Version Ranges: < 14.0.0
Fixed in: 14.0.0
All affected versions:
All unaffected versions: 18.1.2, 19.0.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 20.0.0, 20.1.0, 20.2.0, 21.0.0, 21.0.1, 21.1.0, 21.1.1, 21.2.0, 21.2.1, 21.2.2, 22.0.0, 22.1.0, 22.1.1, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.1.1, 23.2.0, 23.2.1, 24.0.0, 24.1.0, 25.0.0, 25.0.1, 25.1.0, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.2.0, 26.2.1, 27.0.0, 27.0.1, 27.1.0, 27.2.0, 27.2.1, 27.3.0, 28.0.0, 28.0.1, 28.0.2, 28.1.0, 28.1.1, 28.2.0, 28.2.1, 29.0.0, 29.1.0, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.3.4, 29.3.5, 30.0.0, 30.0.1, 30.0.2, 30.0.3, 30.0.5, 30.0.6, 30.1.0, 30.2.0, 30.2.1, 31.0.0, 31.0.1, 31.0.2, 31.0.3, 31.1.0, 31.1.1, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.3.2, 31.3.4, 32.0.0, 32.0.1, 32.0.2, 32.1.0, 32.2.0, 32.2.1, 32.2.2, 32.3.0, 32.3.1