2 matches found
sheetsee (>=0.0.1 <=0.0.3), sheetsee-maps (>=0.0.0 <=0.2.4) potentially affected by CVE-2017-1000042 via mapbox.js (=1.3.1)
mapbox.js NPM version =1.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on mapbox.js and may be impacted: - sheetsee =0.0.1, =0.0.0, =0.2.4 Source cves: CVE-2017-1000042 Source advisory: OSV:GHSA-QR28-7J6P-9HMV...
CVE-2017-1000042
Mapbox.js is affected by a cross-site scripting (XSS) vulnerability in TileJSON handling. Versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are vulnerable when untrusted TileJSON content is loaded via L.mapbox.map or L.mapbox.tileLayer from non-Mapbox URLs, allowing script injection in the TileJ...