OSVDB-132871: Content Injection via TileJSON Name
If you use L.mapbox.map and L.mapbox.shareControl, it is possible for a malicious user with control over the TileJSON content to inject script content into the name value of the TileJSON. After clicking on the share control, the malicious code will execute in the context of the page using Mapbox.js.
Code Behaviors & Features
Detect and mitigate OSVDB-132871 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →