Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwajQtODlxOC1yaDM4

Cross-Site Scripting in bpmn-js-properties-panel

Versions of bpmn-js-properties-panel prior to 0.31.0 are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize input in specially configured diagrams, which may allow attackers to inject arbitrary JavaScript in the embedding website.

Recommendation

Upgrade to version 0.31.0 or later.

Permalink: https://github.com/advisories/GHSA-vpj4-89q8-rh38
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwajQtODlxOC1yaDM4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 4 years ago
Updated: almost 2 years ago


Identifiers: GHSA-vpj4-89q8-rh38
References: Blast Radius: 0.0

Affected Packages

npm:bpmn-js-properties-panel
Dependent packages: 242
Dependent repositories: 511
Downloads: 102,456 last month
Affected Version Ranges: < 0.31.0
Fixed in: 0.31.0
All affected versions: 0.1.0, 0.2.0, 0.2.1, 0.3.0, 0.4.0, 0.5.0, 0.6.0, 0.6.1, 0.6.2, 0.6.3, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.16.0, 0.16.1, 0.17.0, 0.18.0, 0.18.1, 0.18.2, 0.18.3, 0.18.4, 0.18.5, 0.19.0, 0.19.1, 0.20.0, 0.21.0, 0.22.0, 0.22.1, 0.23.0, 0.24.0, 0.24.1, 0.24.2, 0.25.0, 0.25.1, 0.25.2, 0.26.0, 0.26.1, 0.26.2, 0.27.0, 0.28.0, 0.28.1, 0.28.2, 0.29.0, 0.30.0
All unaffected versions: 0.31.0, 0.32.0, 0.32.1, 0.32.2, 0.33.0, 0.33.1, 0.33.2, 0.34.0, 0.35.0, 0.36.0, 0.37.0, 0.37.1, 0.37.2, 0.37.3, 0.37.4, 0.37.5, 0.37.6, 0.38.0, 0.38.1, 0.39.0, 0.40.0, 0.41.0, 0.42.0, 0.43.0, 0.43.1, 0.44.0, 0.44.1, 0.45.0, 0.46.0, 1.0.0, 1.1.0, 1.1.1, 1.2.0, 1.3.0, 1.4.0, 1.5.0, 1.6.0, 1.6.1, 1.7.0, 1.8.0, 1.8.1, 1.8.2, 1.9.0, 1.10.0, 1.11.0, 1.11.1, 1.11.2, 1.11.3, 1.12.0, 1.13.0, 1.13.1, 1.14.0, 1.15.0, 1.15.1, 1.16.0, 1.17.0, 1.17.1, 1.17.2, 1.18.0, 1.19.0, 1.19.1, 1.20.0, 1.20.1, 1.20.2, 1.20.3, 1.21.0, 1.22.0, 1.22.1, 1.23.0, 1.24.0, 1.24.1, 1.25.0, 1.26.0, 2.0.0, 2.1.0, 3.0.0, 4.0.0, 4.0.1, 4.0.2, 5.0.0, 5.1.0, 5.2.0, 5.3.0, 5.4.0, 5.5.0, 5.5.1, 5.6.0, 5.6.1, 5.7.0, 5.8.0, 5.9.0, 5.10.0, 5.11.0, 5.11.1, 5.11.2, 5.12.0, 5.13.0, 5.14.0, 5.15.0, 5.16.0, 5.17.0, 5.17.1, 5.18.0, 5.18.1, 5.19.0, 5.20.0, 5.21.0, 5.22.0, 5.23.0, 5.23.1, 5.23.2, 5.24.0, 5.25.0