4 matches found
@makerdao/testchain-client (>=0.0.1 <=0.3.0-beta.0) potentially affected by CVE-2021-46871 via phoenix_html (=2.14.3)
phoenixhtml NPM version =2.14.3 is affected by a known vulnerability. The following packages have a transitive dependency on phoenixhtml and may be impacted: - @makerdao/testchain-client =0.0.1, =0.3.0-beta.0 Source cves: CVE-2021-46871 Source advisory: OSV:GHSA-5G2H-9X5V-5H3X...
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML aka phoenixhtml before 3.0.4 allows XSS in HEEx class attributes...
CVE-2021-46871
Summary: CVE-2021-46871 affects Phoenix.HTML (Phoenix HTML) tag.ex prior to 3.0.4, where HEEx class attributes can trigger XSS. The root cause is insufficient escaping in tag.ex within phoenix_html before version 3.0.4. Details from provided documents: Affected component: phoenix_html (tag.ex); v...
CVE-2021-46871
tag.ex in Phoenix Phoenix.HTML aka phoenixhtml before 3.0.4 allows XSS in HEEx class attributes...