GHSA-hgr5-82rc-p936 md-data-table

Package

Manager: npm
Name: md-data-table
Vulnerable Version: >=0 <=2.2.0

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: N/A, pctl N/A

Details

Cross-Site Scripting in md-data-table

All versions of `md-data-table` are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered by `mdt-row`.

## Recommendation

As there is no fix for this vulnerability at this time, we recommend either selecting another package to perform this functionality or properly sanitizing all user data prior to rendering with `md-data-table`.

Metadata

Created: 2020-09-01T21:24:41Z
Modified: 2020-08-31T18:34:23Z
Source: MANUAL
CWE IDs: ["CWE-79"]
Alternative ID: N/A
Finding: F008
Auto approve: 1