GMS-2019-65: Cross-Site Scripting in vant

November 22, 2019 (updated August 18, 2021)

Versions of vant are vulnerable to Cross-Site Scripting. The text value of the Picker component column is not sanitized, which may allow attackers to execute arbitrary JavaScript in a victim’s browser. Upgrade to or later.

References

github.com/advisories/GHSA-9xr8-8hmc-389f
github.com/youzan/vant/issues/4270
github.com/youzan/vant/pull/4278/commits/d777b78c7dc2c904f474d057ea88449cfe2ca13a
snyk.io/vuln/SNYK-JS-VANT-460461
www.npmjs.com/advisories/1157

Code Behaviors & Features

Detect and mitigate GMS-2019-65 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →