[BUG] Compodoc : zepto vulnerability  #1416

@turbo-xav

Hi,

My problem

Compodoc 1.1.23 pulls in the lib zepto, which is vulnerable to Cross-Site Scripting (XSS) attacks.

My company's IQ server reports the vulnerability and blocks my deployments.

Sonatype

Ref: sonatype-2020-1437

Advisory link: https://securitylab.github.com/advisories/GHSL-2020-098-mxss-zepto

IQ recommendation: There is no non-vulnerable upgrade path for this component/package. We recommend investigating alternative components or a potential mitigating control.

My question is:

Is there a next version of compodoc planned without the lib zepto?

Thanks
