Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncjUtODJyYy1wOTM2

Cross-Site Scripting in md-data-table

All versions of md-data-table are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered by mdt-row

Recommendation

As there is no fix for this vulnerability at this time we recommend either selecting another package to perform this functionality or properly sanitizing all user data prior to rendering with md-data-table

Permalink: https://github.com/advisories/GHSA-hgr5-82rc-p936
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncjUtODJyYy1wOTM2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 4 years ago
Updated: about 2 years ago

Identifiers: GHSA-hgr5-82rc-p936
References:

Blast Radius: 0.0

Affected Packages

npm:md-data-table

Dependent packages: 3
Dependent repositories: 10
Downloads: 347 last month
Affected Version Ranges: >= 0.0.0
No known fixed version
All affected versions: 1.3.0, 1.4.1, 1.4.2, 1.6.4, 1.6.5, 1.6.6, 1.6.8, 1.6.9, 1.6.10, 1.6.11, 1.6.12, 1.7.0, 1.8.0, 1.8.3, 1.8.4, 1.8.5, 1.8.6, 1.8.7, 2.0.0, 2.0.1, 2.1.0, 2.2.0