CVE-2021-3914

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in maven/io.smallrye/smallrye-health-ui

Identifiers

GHSA-pvc3-wvxr-7cmf, CVE-2021-3914

Package Slug

maven/io.smallrye/smallrye-health-ui

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

It was found that the smallrye health metrics UI component does not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.

Affected Versions

All versions before 3.1.2

Solution

Upgrade to version 3.1.2 or above.

Last Modified

2023-11-17

source