Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Cross-Site Scripting in ag-grid-community
Versions of ag-grid-community prior to 14.0.0 are vulnerable to Cross-Site Scripting (XSS). Grid contents are not properly sanitized and may allow attackers to execute arbitrary JavaScript if user input is rendered in the grid.
Recommendation
Upgrade to version 14.0.0 or later.
Permalink: https://github.com/advisories/GHSA-7p6w-x2gr-rrf8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwNncteDJnci1ycmY4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago
Identifiers: GHSA-7p6w-x2gr-rrf8
References:
- https://github.com/ag-grid/ag-grid/issues/1961
- https://www.npmjs.com/advisories/894
- https://github.com/advisories/GHSA-7p6w-x2gr-rrf8
Blast Radius: 0.0
Affected Packages
npm:ag-grid-community
Dependent packages: 766
Dependent repositories: 5,156
Downloads: 3,064,909 last month
Affected Version Ranges: < 14.0.0
Fixed in: 14.0.0
All affected versions:
All unaffected versions: 18.1.2, 19.0.0, 19.1.1, 19.1.2, 19.1.3, 19.1.4, 20.0.0, 20.1.0, 20.2.0, 21.0.0, 21.0.1, 21.1.0, 21.1.1, 21.2.0, 21.2.1, 21.2.2, 22.0.0, 22.1.0, 22.1.1, 23.0.0, 23.0.1, 23.0.2, 23.1.0, 23.1.1, 23.2.0, 23.2.1, 24.0.0, 24.1.0, 25.0.0, 25.0.1, 25.1.0, 25.2.0, 25.2.1, 25.3.0, 26.0.0, 26.1.0, 26.2.0, 26.2.1, 27.0.0, 27.0.1, 27.1.0, 27.2.0, 27.2.1, 27.3.0, 28.0.0, 28.0.1, 28.0.2, 28.1.0, 28.1.1, 28.2.0, 28.2.1, 29.0.0, 29.1.0, 29.2.0, 29.3.0, 29.3.1, 29.3.2, 29.3.3, 29.3.4, 29.3.5, 30.0.0, 30.0.1, 30.0.2, 30.0.3, 30.0.5, 30.0.6, 30.1.0, 30.2.0, 30.2.1, 31.0.0, 31.0.1, 31.0.2, 31.0.3, 31.1.0, 31.1.1, 31.2.0, 31.2.1, 31.3.0, 31.3.1, 31.3.2, 31.3.4, 32.0.0, 32.0.1, 32.0.2, 32.1.0, 32.2.0, 32.2.1, 32.2.2, 32.3.0, 32.3.1