13 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-3377
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL...
@aarnet/jupyterlab-ext-aarnet-help (=0.1.0), @aarnet/jupyterlab-ext-changeconf (>=0.1.0 <=0.1.1) +611 more potentially affected by CVE-2021-3377 via ansi_up (>=1.3.0 <=4.0.4)
ansiup NPM version =1.3.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.3, =1.6.0, =0.1.1, =0.0.1, =0.1.0, =0.1.0, =1.0.1, =1.0.6 - @apsknight/jupyterlabxkcd =0.1.0 - @azidar/diagrammer-jupyterlab-ext =0.1.0 and more Source cves: CVE-2021-3377 Source advisory: OSV:GHSA-2V5F-23XC-V9QR...
ansi_up cross-site scripting vulnerability
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
A flaw was found in npm package ansiup versions 5.0.0 when parsing untrusted user input. An attacker could take advantage of this by introducing ANSI escape codes to inject arbitrary HTML and JavaScript in result mounting a cross-site scripting XSS attack...
Cross-Site Scripting (XSS)
ansiup is vulnerable to cross-site scripting XSS. The vulnerability exists as the existing sanitization methiod escapetxtforhtml is insufficient to prevent " and ' characters used in payloads...
DEBIAN-CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
Cross site scripting
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...
CVE-2021-3377
The CVE-2021-3377 issue affects the npm package ansi_up (used to convert ANSI escape codes to HTML). In version 4, the feature allowing ANSI codes to create HTML hyperlinks was not properly sanitized, enabling cross-site scripting (XSS). The vulnerability is fixed in version 5.0.0 and later. Prac...
CVE-2021-3377
The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting XSS vulnerability. This issue is fixed in v5.0.0...