GMS-2023-29: dompurify vulnerable to Cross-site Scripting

January 11, 2023

dompurify prior to version 2.2.2 is vulnerable to cross-site scripting when converting from SVG namespace.

References

github.com/advisories/GHSA-pgjv-jrg2-gq3v
github.com/cure53/DOMPurify/issues/482
github.com/cure53/DOMPurify/releases/tag/2.2.2
security.snyk.io/vuln/SNYK-JS-DOMPURIFY-1035544

Code Behaviors & Features

Detect and mitigate GMS-2023-29 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →