CVE-2021-23398

Sažetak

All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output.

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1314286
https://snyk.io/vuln/SNYK-JS-REACTBOOTSTRAPTABLE-1314285
https://github.com/AllenFang/react-bootstrap-table/blob/26d07defab759e4f9bce22d1d568690830b8d9d7/src/TableBody.js%23L114-L118
https://github.com/AllenFang/react-bootstrap-table/issues/2071

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

30-06-2021 - 20:20

Objavljeno

24-06-2021 - 15:15