GMS-2016-94: Cross-Site Scripting

December 15, 2016

This package is vulnerable to Cross-Site Scripting (XSS) attacks. The autoescaping method was disabled by default, allowing an attacker to alter database values.

References

github.com/groveco/django-sql-explorer/commit/adb3bf8b12350e875b02db43409ca07c7368f576
github.com/groveco/django-sql-explorer/issues/267
github.com/groveco/django-sql-explorer/pull/286

Code Behaviors & Features

Detect and mitigate GMS-2016-94 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →