GMS-2023-580: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) in vega.
References
- github.com/advisories/GHSA-4vq7-882g-wcg4
- github.com/vega/vega/releases/tag/v5.23.0
- github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4
- github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/functions/scale.js
- github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/scales.js
- vega.github.io/editor/
Code Behaviors & Features
Detect and mitigate GMS-2023-580 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →