7 matches found
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
buzzword (>=1.2.1 <=1.2.3), dash-tokamak (=1.6.0) +20 more potentially affected by CVE-2024-21485 via dash-html-components (>=0.10.0 <=1.1.4)
dash-html-components PyPI version =0.10.0, =1.2.1, =0.1.0, =2.0.0b0, =0.1.0, =1.0.0, =0.0.2, =1.1.0, =1.0.0, =1.0.2.dev1 and more. Source CVEs: CVE-2024-21485. Source advisory: OSV:GHSA-547X-748V-VP6P...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
PYSEC-2024-35
Versions of the package dash-core-components before 2.13.0; all versions of the package dash-core-components; versions of the package dash before 2.15.0; all versions of the package dash-html-components; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site...
CVE-2024-21485
Dash Framework (Dash, dash-core-components, dash-html-components) versions before 2.15.0 (core components before 2.13.0/2.0.0; html components before 2.0.0/2.0.16) are vulnerable to Cross-site Scripting (XSS) when the href attribute of an anchor tag is controlled by an attacker. The vulnerability...
CVE-2024-21485
Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable t...
Cross-site Scripting (XSS)
Overview: dash-html-components provides vanilla HTML components for Dash. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the...