GHSA-2v5f-23xc-v9qr

Suggest an improvement
Source
https://github.com/advisories/GHSA-2v5f-23xc-v9qr
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-2v5f-23xc-v9qr/GHSA-2v5f-23xc-v9qr.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2v5f-23xc-v9qr
Aliases
Published
2021-03-11T22:50:39Z
Modified
2023-11-01T04:55:36.745163Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
ansi_up cross-site scripting vulnerability
Details

The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0.

Database specific 
{
    "nvd_published_at": "2021-03-05T21:15:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-11T22:49:55Z"
}
References

Affected packages

npm / ansi_up

Package

Name
ansi_up
View open source insights on deps.dev
Purl
pkg:npm/ansi_up

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.0.0