GMS-2022-2345: Insufficient HTML Sanitization

June 17, 2022

Affected versions can have malicious javascript code injected into the users browser by other authenticated users, as data fields retrieved from the database are not properly sanitized before displaying in various front-end views.

References

github.com/advisories/GHSA-rm89-9g65-4ffr
github.com/inventree/InvenTree/security/advisories/GHSA-rm89-9g65-4ffr

Code Behaviors & Features

Detect and mitigate GMS-2022-2345 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →