GMS-2019-114: Cross-Site Scripting via JSONP

June 27, 2019 (updated August 17, 2021)

JSONP allows untrusted resource URLs, which provides a vector for attack by malicious actors.

References

github.com/advisories/GHSA-28hp-fgcr-2r4h
github.com/angular/angular.js/commit/6476af83cd0418c84e034a955b12a842794385c4
www.npmjs.com/advisories/1630

Code Behaviors & Features

Detect and mitigate GMS-2019-114 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →