EPSS: 0.0004 (Low)
Percentile: 12.2%
Versions of three.js prior to 0.137.0 load untrusted iframes and allow attackers to inject arbitrary JavaScript into a user's browser.
github.com/advisories/GHSA-7vvq-7r29-5vg3
github.com/mrdoob/three.js/commit/0c31bc605e21965aad8a6479bb1969351773f76d
github.com/mrdoob/three.js/pull/23245
huntr.dev/bounties/16901080-99b4-4fb5-8c5b-931bfbf33cba
nvd.nist.gov/vuln/detail/CVE-2022-0177