CVE-2017-1000043
The CVE refers to a cross-site scripting vulnerability in Mapbox.js. Affected versions are 1.x before 1.6.6 and 2.x before 2.2.4, where using L.mapbox.map or L.mapbox.shareControl with TileJSON content under user control can allow injection of script content into the TileJSON name field. After th...