GMS-2017-186: Cross-site Scripting

August 29, 2017

This package is vulnerable to Cross-site Scripting (XSS) attacks. The autoescape option was set to False in the jinja configuration, allowing attackers to use inject content into user input.

References

github.com/reformo/rsanic/blob/master/ChangeLog.rst
github.com/reformo/rsanic/commit/6791cb09c322e1ff6e7b471a3bd2219a44e25801

Code Behaviors & Features

Detect and mitigate GMS-2017-186 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →