OSVDB-129854: Content Injection via TileJSON attribute
If you use L.mapbox.map or L.mapbox.tileLayer to load untrusted TileJSON content from a non-Mapbox URL, it is possible for a malicious user with control over the TileJSON content to inject script content into the attribution value of the TileJSON which will be executed in the context of the page using Mapbox.js.
Code Behaviors & Features
Detect and mitigate OSVDB-129854 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →