redis-commander (>=0.6.7 <=0.7.2) potentially affected by CVE-2022-30241 via jquery.json-viewer (=1.4.0)

jquery.json-viewer NPM version =1.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on jquery.json-viewer and may be impacted: - redis-commander =0.6.7, =0.7.2 Source cves: CVE-2022-30241 Source advisory: OSV:GHSA-QP2Q-6H9J-JG2R...

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

CVE-2022-30241

The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as in a JSON object, as demonstrated by a SCRIPT element...

Node.js 跨站脚本漏洞

Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in jquery.json-viewer version 1.4.0 and earlier versions of Node.js, which stems from the inability to correctly escape characters e.g., in a JSON object, as shown in the SCRIPT element...