GMS-2020-226: Cross-Site Scripting in diagram-js
(updated )
Versions of diagram-js (f ) (f ) are vulnerable to Cross-Site Scripting. The package fails to escape output of user-controlled input in search-pad, allowing attackers to execute arbitrary JavaScript. If you are using diagram-js, upgrade to
If you are using diagram-js, upgrade to
References
Code Behaviors & Features
Detect and mitigate GMS-2020-226 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →