Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Cross-Site Scripting in google-closure-library

Versions of google-closure-library prior to 20190301.0.0 are vulnerable to Cross-Site Scripting. The safedomtreeprocessor.processToString() function improperly processed empty elements, which could allow attackers to execute arbitrary JavaScript through Mutation Cross-Site Scripting.

Recommendation

Upgrade to version 20190301.0.0 or later.

Permalink: https://github.com/advisories/GHSA-r9q4-w3fm-wrm2
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5cTQtdzNmbS13cm0y
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: over 1 year ago


Identifiers: GHSA-r9q4-w3fm-wrm2
References: https://github.com/google/closure-library (repository)
Blast Radius: 0.0

Affected Packages

npm:google-closure-library
Dependent packages: 237
Dependent repositories: 2,063
Downloads: 276,509 last month
Affected Version Ranges: < 20190301.0.0
Fixed in: 20190301.0.0
All affected versions: 20150315.0.0, 20150505.0.0, 20150609.0.0, 20150729.0.0, 20150901.0.0, 20150920.0.0, 20151015.0.0, 20151216.0.0, 20160125.0.0, 20160208.0.0, 20160218.0.0, 20160218.0.1, 20160218.0.2, 20160315.0.0, 20160517.0.0, 20160619.0.0, 20160713.0.0, 20160822.0.0, 20160911.0.0, 20161024.0.0, 20161201.0.0, 20170124.0.0, 20170218.0.0, 20170218.0.1, 20170409.0.0, 20170521.0.0, 20170626.0.0, 20170806.0.0, 20170910.0.0, 20171112.0.0, 20171203.0.0, 20180204.0.0, 20180402.0.0, 20180405.0.0, 20180506.0.0, 20180716.0.0, 20180805.0.0, 20180910.0.0, 20190121.0.0, 20190215.0.0
All unaffected versions: 20190301.0.0, 20190325.0.0, 20190415.0.0, 20190513.0.0, 20190528.0.0, 20190618.0.0, 20190709.0.0, 20190729.0.0, 20190819.0.0, 20190909.0.0, 20190929.0.0, 20191027.0.0, 20191027.0.1, 20191111.0.0, 20200101.0.0, 20200112.0.0, 20200204.0.0, 20200224.0.0, 20200315.0.0, 20200406.0.0, 20200504.0.0, 20200517.0.0, 20200614.0.0, 20200628.0.0, 20200719.0.0, 20200830.0.0, 20200927.0.0, 20201006.0.0, 20201102.0.1, 20210106.0.0, 20210202.0.0, 20210302.0.0, 20210406.0.0, 20210601.0.0, 20210808.0.0, 20210906.0.0, 20210907.0.0, 20211006.0.0, 20211107.0.0, 20211201.0.0, 20220104.0.0, 20220202.0.0, 20220301.0.0, 20220405.0.0, 20220502.0.0, 20220601.0.0, 20220719.0.0, 20220803.0.0, 20220905.0.0, 20221004.0.0, 20221102.0.0, 20230103.0.0, 20230206.0.0, 20230228.0.0, 20230411.0.0, 20230502.0.0, 20230802.0.0