CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

CVE-2024-47061

The CVE-2024-47061 issue affects Plate editors using @udecode/plate-core, where arbitrary DOM attributes can be injected via nodeProps (often from the attributes property), enabling cross-site scripting (XSS) and potential information exposure (e.g., user IPs and whether a malicious document is o...

CVE-2024-47061 Arbitrary DOM attributes in element.attributes and leaf.attributes in Platejs

Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the attributes property. These attributes are passed to the...

@12joan/plate-tabbable (=19.4.0), @antv/narrative-text-editor (>=0.1.1 <=0.2.20) +173 more potentially affected by CVE-2024-47061 via @udecode/plate-core (>=10.0.0 <=21.5.0)

@udecode/plate-core NPM version =10.0.0, =0.1.1, =1.0.103, =1.3.0, =2.19.0, =1.0.1, =0.1.49, =0.0.1, =0.0.7, =0.0.1, =0.0.1, =0.0.3, =0.10.0, =0.11.0 and more Source cves: CVE-2024-47061 Source advisory: OSV:GHSA-73RG-F94J-XVHX...